• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

DNS fix?

What's the ETA on that?

The discoverer will be publishing the vulnerability August 2nd. We have to be able to test the Plesk patch and fix the issues that are inevitably going to be caused by the Plesk update before the DNS poisoning from these is in the wild - which is going to be around August 3rd (if not sooner).
 
Greetings:

See http://www.theregister.co.uk/2008/07/09/dns_bug_student_discovery/

This vulnerability was reported approximately three years ago.

If your servers are secured, and your DNS servers secured (which means you only transfer between your own name severs, and only recursive queries through your own servers), then the DNS poisoning to worry about is not your own cluster, those servers external to yours.

That's why all parties need to patch. If it was just Plesk users who patched or just H-Sphere users who patched, the threat would still be present from the outside world.

In any event, we are all waiting on patching -- Plesk, H-Sphere, and other Parallels products as every patched server contributes to the overall health of the net.

Thank you.
 
Back
Top