Questions on latest security bulletin

[HostaHost]

Today's bulletin, which references http://kb.parallels.com/114377, states that there are updates available for:

10.4.x
10.3.x
10.2.x
10.1.x
10.0.x
9.5.x
9.3.x
9.2.x
9.0.x
8.6.x
8.4.x
8.2.x

yet the autoinstaller only seems to know about updates for 10.4.x, 9.5.4 and 8.6. It reports nothing available for all the other versions. Does that mean the other versions are all vulnerable or that they were never vulnerable to begin with? Why is there NO information published about what actual files, and what file versions, are vulnerable so that people responsible for the security of the servers can check their status?

 

[abdi]

Try updating from the parallels server as source directly with the command

/usr/local/psa/admin/sbin/autoinstaller --source=http://64.131.90.31

 

[HostaHost]

Try updating from the parallels server as source directly with the command

/usr/local/psa/admin/sbin/autoinstaller --source=http://64.131.90.31

Didn't change things. They claim their releases cover a variety of versions but apparently that is not the case, and I'm still waiting for them to actually provide documentation on what their microupdates replace so we can systematically verify every server is patched regardless of what the often broken autoinstaller and update servers say.

 

[LeithD]

There are custom fixes for those version outside of the ones support by the microfixes.

check the page again, and possible clear your browser cache first.

There is a table including all the fixes, which wasn't there when the page first went up.

 

[IgorG]

There is a table including all the fixes, which wasn't there when the page first went up.

You are correct. The table from article should help.

 

[HostaHost]

How about a complete list of what changes so we can script out ensuring the patches were really applied?