Further to our recent update, another Ruby exploit with rubygem-json has been announced:
We advise all OnApp customers to upgrade their control panel as soon as possible.
Please follow the instructions below to upgrade your version of OnApp Cloud.
OnApp Cloud v2.3.3
Please run the following commands as root on your Control Panel server:
Ensure you are running the onapp-cp-2.3.3-8.el5 version
rpm -qa | grep onapp-cp-2.3.3
If you are running an earlier version, please instead use the update instructions here which will also now update you to the new rubygem-json.
If you are running 2.3.3-8, please go ahead with the instructions below:
service onapp stop
service httpd stop
yum clean all
yum update rubygem-json
service onapp start
service httpd start
OnApp Cloud v2.3.2 and earlier
You must upgrade to OnApp Cloud v2.3.3 to address this vulnerability.
· For instructions on upgrading your own cloud, please contact OnApp Support.
· If you have a full version license you can also raise an upgrade ticket, and we'll take care of the upgrade for you. Please be aware that there may be a queue!
OnApp Cloud v3.0
The GA version of OnApp Cloud v3.0 (to be released in the near future) will not be affected by this vulnerability.