1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Questions on latest security bulletin

Discussion in 'Plesk 9.x for Linux Issues, Fixes, How-To' started by Hostasaurus.Com, Jul 16, 2012.

  1. Hostasaurus.Com

    Hostasaurus.Com Regular Pleskian

    30
    68%
    Joined:
    Oct 8, 2009
    Messages:
    465
    Likes Received:
    8
    Today's bulletin, which references http://kb.parallels.com/114377, states that there are updates available for:

    10.4.x
    10.3.x
    10.2.x
    10.1.x
    10.0.x
    9.5.x
    9.3.x
    9.2.x
    9.0.x
    8.6.x
    8.4.x
    8.2.x

    yet the autoinstaller only seems to know about updates for 10.4.x, 9.5.4 and 8.6. It reports nothing available for all the other versions. Does that mean the other versions are all vulnerable or that they were never vulnerable to begin with? Why is there NO information published about what actual files, and what file versions, are vulnerable so that people responsible for the security of the servers can check their status?
     
  2. abdi

    abdi Platinum Pleskian

    31
    18%
    Joined:
    May 14, 2006
    Messages:
    2,913
    Likes Received:
    60
    Try updating from the parallels server as source directly with the command

    /usr/local/psa/admin/sbin/autoinstaller --source=http://64.131.90.31
     
  3. Hostasaurus.Com

    Hostasaurus.Com Regular Pleskian

    30
    68%
    Joined:
    Oct 8, 2009
    Messages:
    465
    Likes Received:
    8
    Didn't change things. They claim their releases cover a variety of versions but apparently that is not the case, and I'm still waiting for them to actually provide documentation on what their microupdates replace so we can systematically verify every server is patched regardless of what the often broken autoinstaller and update servers say.
     
  4. LeithD

    LeithD New Pleskian

    10
    85%
    Joined:
    Jul 16, 2012
    Messages:
    10
    Likes Received:
    0
    There are custom fixes for those version outside of the ones support by the microfixes.

    check the page again, and possible clear your browser cache first.

    There is a table including all the fixes, which wasn't there when the page first went up.
     
  5. IgorG

    IgorG Forums Analyst Staff Member

    49
    24%
    Joined:
    Oct 27, 2009
    Messages:
    24,543
    Likes Received:
    1,239
    Location:
    Novosibirsk, Russia
    You are correct. The table from article should help.
     
  6. Hostasaurus.Com

    Hostasaurus.Com Regular Pleskian

    30
    68%
    Joined:
    Oct 8, 2009
    Messages:
    465
    Likes Received:
    8
    How about a complete list of what changes so we can script out ensuring the patches were really applied?
     
Loading...