Today we have released updated Docker containers with the patches from Debian/Canonical for the Apache optionsbleed vulnerability following the Ubuntu release of those security patches a few hours ago. Updated containers are available for the 1.8.2, 1.8.1 and 1.8.0 release tags. For details of what optionsbleed is, please see the references section at the bottom of the article.
We believe that assuming you have not modified the .htaccess file that the project ships, there is no exposure to this vulnerability, however we are providing updated containers for a "belt and braces" approach.
If you are running a Xibo CMS with the official project Docker containers, then you may wish to consider updating the containers to apply the patch.
To update, please use the following instructions:
- Locate your existing Xibo CMS Docker installation. It will be where you have your
sharedfolder and yourconfig.envfile. - Before attempting the update, please be sure that your media and database files are being correctly written to the
shareddirectory. This is particularly important if you are running on a Windows computer. To do so, upload for example an image in to the CMS, and check that the same image appears in theshared/cms/librarydirectory. Another good check is to make sure thatshared/backup/db/latest.tar.gzwas created within the last 24 hours. If either of those checks fail, please do not proceed with the update as this will lead to data loss. Seek support to recover the situation. - Open a shell/command prompt and change in to the location of your installation:
Windows:
c:\> cd\xibo
Linux:
cd /opt/xibo
- Run the following
docker-composecommands, assuming you don't use remote mysql or custom ports.
docker-compose pull
docker-compose up -d
The CMS containers will restart with the patched version of Apache.
- If you use remote-mysql or custom-ports variants of the docker-compose file, then don't forget to add in the
-foption for that:
docker-compose -f cms_custom-ports.yml pull
docker-compose -f cms_custom-ports.yml up -d
or
docker-compose -f cms_remote-mysql.yml pull
docker-compose -f cms_remote-mysql.yml up -d
There will be a short period where the CMS is unavailable ranging from a few seconds to a few minutes. Please be patient.
If you are running Apache in front of your Docker containers as a reverse proxy, you should also ensure that is updated to the latest version from your provider. On most current Linux systems, that will simply mean applying the latest updates from your distribution.
References:
More
Read more from the blog
Introducing the DSCS95 Xibo for Android Media Player
We're pleased to announce that we're extending our range of Android hardware to meet a greater variety of customer requirements. Introducing the new DSDevices DSCS95 media player.
Holiday Opening Times and Dispatch Deadlines 2022/2023
Upcoming holiday opening hours for the service desk and hardware dispatch deadlines.
Service Desk Availability - 2nd December 2022
Our Service Desk will be closed on Friday 2nd December 2022 to allow us to conduct whole-team training. Tickets can still be logged as normal.
More
Read more from the blog
Introducing the DSCS95 Xibo for Android Media Player
We're pleased to announce that we're extending our range of Android hardware to meet a greater variety of customer requirements. Introducing the new DSDevices DSCS95 media player.
Holiday Opening Times and Dispatch Deadlines 2022/2023
Upcoming holiday opening hours for the service desk and hardware dispatch deadlines.
Service Desk Availability - 2nd December 2022
Our Service Desk will be closed on Friday 2nd December 2022 to allow us to conduct whole-team training. Tickets can still be logged as normal.
