
Vulnerability issues

rubendgt

Guest
Hi everyone,

I'm running Plesk 7.5.2 on RH9. I made a screen on the server with a security service in order to find some kind of threats, and the reports showed that the server seems to be using a version of OpenSSL which is older than 0.9.6e or 0.9.7-beta3 and BIND 9.2.1-16, and said that this may be affected by a buffer overflow attack.

The report recommends upgrading OpenSSL to version 0.9.6e (0.9.7beta3) or newer and upgrading BIND to 9.2.2 or downgrading to the 8.x series.

I've been searching for information about this in the forum but I could not find many details. I'm not sure about this; the server is running fine. I would like to know if this can affect Plesk or the server's functioning.
 
Originally posted by rubendgt
Hi everyone,

I'm running Plesk 7.5.2 on RH9. I made a screen on the server with a security service in order to find some kind of threats, and the reports showed that the server seems to be using a version of OpenSSL which is older than 0.9.6e or 0.9.7-beta3 and BIND 9.2.1-16, and said that this may be affected by a buffer overflow attack.

The report recommends upgrading OpenSSL to version 0.9.6e (0.9.7beta3) or newer and upgrading BIND to 9.2.2 or downgrading to the 8.x series.

I've been searching for information about this in the forum but I could not find many details. I'm not sure about this; the server is running fine. I would like to know if this can affect Plesk or the server's functioning.

It really shouldn't, as I have done the upgrades. I recommend you go to freshrpms.net and install yum for Redhat 9 and it can do the rest for you.

E.g. yum update (do it the first time)

and it will do the rest :)
 
Also remember that just because a security scanning program says that certain applications are vulnerable doesn't mean they actually are.

With RedHat 9, for example, RedHat (and the FLP?) "back port" security fixes from later versions into "older" versions of the software. Sorry. I'm not explaining myself very well here. ....

But basically with RedHat, just because the "normal" version XXX of application YYY is "vulnerable" does not mean that version XXX of YYY from RedHat is vulnerable.

Faris.
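
An added example, not part of the thread: one way to check the backporting point above is to look in the vendor package's changelog for the advisory the scanner reported, instead of trusting the upstream version number. The sample changelog, the package details and the advisory ID `CVE-0000-0001` are constructed placeholders; `rpm -q --changelog` is the real query that `triage` runs.

```bash
#!/usr/bin/env bash
# Added example: check whether a vendor package changelog records a backported
# fix for an advisory that a version-based scanner flagged.

# Constructed sample in the layout printed by `rpm -q --changelog <package>`.
# Names, versions and the advisory ID CVE-0000-0001 are placeholders.
SAMPLE_CHANGELOG='* Mon Jan 05 2004 Example Packager <packager@example.com> 0.0.1-2
- backport upstream fix for buffer overflow (CVE-0000-0001)

* Mon Dec 01 2003 Example Packager <packager@example.com> 0.0.1-1
- initial build'

# changelog_has_fix ADVISORY_ID   (changelog text on stdin)
# Prints the entry header (date, packager, version-release) and the line that
# mentions the advisory. Returns 0 if mentioned, 1 if not.
changelog_has_fix() {
    awk -v id="$1" '
        /^\* /        { header = $0; next }
        index($0, id) { print header; print $0; found = 1 }
        END           { exit (found ? 0 : 1) }
    '
}

# triage PACKAGE ADVISORY_ID: run the check against the installed package.
triage() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm not available" >&2; return 2; }
    local log
    log=$(rpm -q --changelog "$1") || { echo "$1 is not installed" >&2; return 2; }
    if printf '%s\n' "$log" | changelog_has_fix "$2"; then
        echo "$1: $2 is recorded in the vendor changelog; fix was backported"
    else
        echo "$1: $2 not found in the changelog; treat the finding as open"
        return 1
    fi
}

# Demonstration on the constructed sample (no rpm needed).
if printf '%s\n' "$SAMPLE_CHANGELOG" | changelog_has_fix "CVE-0000-0001"; then
    echo "sample: backported fix present"
fi
```

The entry header shows which package release carried the fix, so it can be compared with the release reported by `rpm -q` for the installed package.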
 