Vulnerability issues

rubendgt

Guest
Hi everyone,

I'm running Plesk 7.5.2 in RH9. I made a screen on the server with a security service in order to find some kind of threats, and the reports showed that the server seems to be using a version of OpenSSL which is older than 0.9.6e or 0.9.7-beta3 and BIND 9.2.1-16, and said that this may be affected by a buffer overflow attack.

The report recommends upgrading OpenSSL to version 0.9.6e (0.9.7beta3) or newer and upgrading BIND to 9.2.2 or downgrading to the 8.x series.

I've been searching for information about this in the forum but I could not find many details. I'm not sure about this; the server is running fine. I would like to know if this can affect Plesk or the server's functioning.
 
Originally posted by rubendgt
Hi everyone,

I'm running Plesk 7.5.2 in RH9. I made a screen on the server with a security service in order to find some kind of threats, and the reports showed that the server seems to be using a version of OpenSSL which is older than 0.9.6e or 0.9.7-beta3 and BIND 9.2.1-16, and said that this may be affected by a buffer overflow attack.

The report recommends upgrading OpenSSL to version 0.9.6e (0.9.7beta3) or newer and upgrading BIND to 9.2.2 or downgrading to the 8.x series.

I've been searching for information about this in the forum but I could not find many details. I'm not sure about this; the server is running fine. I would like to know if this can affect Plesk or the server's functioning.

It really shouldn't, as I have done the upgrades. I recommend you go to freshrpms.net and install yum for Redhat 9 and it can do the rest for you.

Eg. yum update (do it the first time)

and it will do the rest :)
 
Also remember that just because a security scanning program says that certain applications are vulnerable doesn't mean they actually are.

With RedHat 9, for example, RedHat (and the FLP?) "back port" security fixes from later versions into "older" versions of the software. Sorry. I'm not explaining myself very well here. ....

But basically with RedHat, just because the "normal" version XXX of application YYY is "vulnerable" does not mean that version XXX of YYY from RedHat is vulnerable.

Faris.
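
The backporting point above can be checked from the package changelog rather than from the version number a scanner reads. The following is an added example, not part of the original thread: `backport_status` and `changelog_for` are hypothetical helper names, and the sample changelog, its package releases and the advisory ID `CVE-0000-0001` are constructed placeholders.

```shell
#!/bin/sh
# Added example: triage a version-based scanner finding on an RPM system
# whose vendor backports security fixes into older package versions.

# Constructed sample shaped like `rpm -q --changelog <package>` output.
# Releases, names, dates and the advisory ID are placeholders.
SAMPLE_CHANGELOG='* Tue Jan 01 2002 Example Packager <packager@example.invalid> 1.0-2.example
- add backported fix for CVE-0000-0001 (buffer overflow)

* Mon Dec 03 2001 Example Packager <packager@example.invalid> 1.0-1.example
- rebuild'

# changelog_for PACKAGE
# Prints the installed package changelog, or the constructed sample when
# PACKAGE is the literal string "sample" (so the example runs offline).
changelog_for() {
    if [ "$1" = sample ]; then
        printf '%s\n' "$SAMPLE_CHANGELOG"
    else
        rpm -q --changelog "$1"
    fi
}

# backport_status PACKAGE ADVISORY_ID
# Prints "patched-in <version-release>" for the newest changelog entry that
# names the advisory, or "no-mention" when none does. IDs are compared as
# whole tokens, so CVE-0000-0001 does not match CVE-0000-00011.
# "no-mention" is not proof of exposure: check the vendor errata next.
backport_status() {
    changelog_for "$1" | awk -v id="$2" '
        /^\* / { entry = $NF }   # header line ends with version-release
        !found {
            n = split($0, tok, /[^A-Za-z0-9-]+/)
            for (i = 1; i <= n; i++)
                if (toupper(tok[i]) == toupper(id)) {
                    found = 1
                    print "patched-in " entry
                    break
                }
        }
        END { if (!found) print "no-mention" }'
}
```

On a real host, pass the installed package name and the advisory ID quoted in the scanner report, for example `backport_status openssl <ID from report>`.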
 