Paul Larson
Basic Pleskian
A CentOS/Plesk server of ours failed a PCI compliance test. The vulnerability cites a Linux 4.4 kernel, yet I'm running 3.1.
Server Details:
- CentOS Linux release 7.8.2003 (Core)
- 18.0.29.3 Plesk Obsidian 18.0
- CentOS Linux release 7.8.2003 (Core)
Derived from Red Hat Enterprise Linux 7.8 (Source)
NAME="CentOS Linux"
Question: Could I update the kernel to a 4.4+ version w/o breaking Plesk?
I see no way to remediate the CVE without updating the kernel.
I found this HowTo for updating the kernel within CentOS, but I'm not sure if this could harm Plesk.
How to Upgrade the Linux Kernel on CentOS 7 | PhoenixNAP KB
PCI Failure details
CVE Title:
CPE Based Vulnerabilities for Linux 4.4
Impact:
One or more vulnerabilities have been found that affect this service. Please see the relevant CVEs for more details.
Resolution:
Apply the latest vendor patches to your operating system: Linux 4.4
Summary
7.1
CVE Score
CVE-2018-10938 7.1
CVE-2016-2143 6.9
CVE-2016-2854 4.6
CVE-2017-7273 4.6
CVE-2016-2853 4.4