Apache optionsbleed (CVE-2017-9798)

Today we have released updated Docker containers with the patches from Debian/Canonical for the Apache optionsbleed vulnerability following the Ubuntu release of those security patches a few hours ago. Updated containers are available for the 1.8.2, 1.8.1 and 1.8.0 release tags. For details of what optionsbleed is, please see the references section at the bottom of the article.

We believe that, assuming you have not modified the .htaccess file that the project ships, there is no exposure to this vulnerability; however, we are providing updated containers for a "belt and braces" approach.

If you are running a Xibo CMS with the official project Docker containers, then you may wish to consider updating the containers to apply the patch.

To update, please use the following instructions:

  • Locate your existing Xibo CMS Docker installation. It will be where you have your shared folder and your config.env file.
  • Before attempting the update, please be sure that your media and database files are being correctly written to the shared directory. This is particularly important if you are running on a Windows computer. To do so, upload, for example, an image into the CMS, and check that the same image appears in the shared/cms/library directory. Another good check is to make sure that shared/backup/db/latest.tar.gz was created within the last 24 hours. If either of those checks fails, please do not proceed with the update, as this will lead to data loss. Seek support to recover the situation.
  • Open a shell/command prompt and change into the location of your installation:

Windows:
c:\> cd\xibo

Linux:
cd /opt/xibo

  • Run the following docker-compose commands, assuming you don't use remote mysql or custom ports.

docker-compose pull
docker-compose up -d

The CMS containers will restart with the patched version of Apache.

  • If you use the remote-mysql or custom-ports variants of the docker-compose file, then don't forget to add the -f option naming that file:

docker-compose -f cms_custom-ports.yml pull
docker-compose -f cms_custom-ports.yml up -d

or

docker-compose -f cms_remote-mysql.yml pull
docker-compose -f cms_remote-mysql.yml up -d

There will be a short period where the CMS is unavailable, ranging from a few seconds to a few minutes. Please be patient.
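The two pre-update checks and the pull/up step above can be scripted so that the update refuses to run when data is not reaching the shared directory. This is an added example, not part of the original post or the Xibo project's own tooling; the function names, the 15-minute window for spotting the test upload, and the use of file modification time as the backup's creation time are assumptions.

```shell
#!/bin/sh
# Added example: the pre-update checks from the steps above, then pull/up.
# Assumptions (not from the original post): mtime stands in for "created",
# and a test upload counts as recent if it landed in the last 15 minutes.

# xibo_preflight DIR [UPLOAD_WINDOW_MIN]
# Returns 0 only if DIR looks like the install and both data checks pass.
# Return codes: 1 = not an install dir, 2 = upload check, 3 = backup check.
xibo_preflight() {
    dir=$1
    window=${2:-15}

    [ -f "$dir/config.env" ] || { echo "no config.env in $dir" >&2; return 1; }
    [ -d "$dir/shared/cms/library" ] || { echo "no shared/cms/library" >&2; return 1; }

    # Check 1: the image just uploaded through the CMS reached the shared folder.
    recent=$(find "$dir/shared/cms/library" -type f -mmin "-$window" | head -n 1)
    [ -n "$recent" ] || { echo "no upload seen in the last $window min" >&2; return 2; }

    # Check 2: the database backup is less than 24 hours (1440 minutes) old.
    backup="$dir/shared/backup/db/latest.tar.gz"
    [ -f "$backup" ] || { echo "missing $backup" >&2; return 3; }
    fresh=$(find "$backup" -mmin -1440)
    [ -n "$fresh" ] || { echo "backup older than 24 hours" >&2; return 3; }
    return 0
}

# xibo_update DIR [COMPOSE_FILE]
# COMPOSE_FILE is cms_custom-ports.yml or cms_remote-mysql.yml when one is used.
xibo_update() {
    xibo_preflight "$1" || { echo "checks failed, not updating" >&2; return 1; }
    (
        cd "$1" || exit 1
        if [ -n "${2:-}" ]; then
            docker-compose -f "$2" pull && docker-compose -f "$2" up -d
        else
            docker-compose pull && docker-compose up -d
        fi
    )
}
```

Source the file and call, for example, `xibo_update /opt/xibo` or `xibo_update /opt/xibo cms_custom-ports.yml` after uploading a test image through the CMS.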

If you are running Apache in front of your Docker containers as a reverse proxy, you should also ensure that it is updated to the latest version from your provider. On most current Linux systems, that will simply mean applying the latest updates from your distribution.

References:
