• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

What about secutiry-issues in Plesk-RPMs?

Z

zeeman

Guest
Hi!

I've got a question according to the RPMs installed by the PSA-setup (I use SuSE10 OSS):

The setup installs a lot of RPMs that are not in the SuSE-packagetree.

What happens if there's a security hole in one of these packages?
I don't talk about distro-packages like OpenSSH or so!

Fo exampe what happens if the psa-courir-imap-rpm has a security hole?
Will Swsoft deliver an updated rpm?
Have I to update the package by my own?
If I have to update the package own my own, where do I get additional information like used patches, installation-prefix and so on?
 
The most recent security update SW-Soft released was related to Horde's security flaw. Shortly after the public notice was out, pressure hit SWSoft to update the RPMs made available to Plesk 8 users (as we use "custom" versions of Horde). Within two days, if I remember correctly, an update was available with a hotfix to Plesk that was supposed to fix a few other bugs as well. Horde's security issue was resolved, other plesk issues still exist...but that's a different story.

Major issues w/plesk security seem to be addressed fairly quickly from what I see. Now, that's just with the RPMs that SW-Soft has specific control over (such as the aforementioned psa-courier-imap, psa-horde, etc.). Things like httpd, openssh, etc., they don't manage, and they don't worry about. They follow the policy of "it's your box to administer, you do your job". Fairly simple, but a pain at the same time...

Anyway, that's my two pennies, and that's about all it's worth.. Hope it helps you out.
 
no question, swsoft shouldn't care about the whole packages provided by the distribution.

I only ask for the psa-* packages installed by the plesk-installer.

This are great infos, thanks.
But I've got a (maybe silly) question:
How do I update the packages?
Does this happen during the Updater in the plesk-admin-interface or have I to start a scirpt in a shell?
 
The Plesk Updater (Admin CP -> Server -> Updater -> Plesk Version -> it'll actually highlight the updates available...)
 
You must log in or register to reply here.

Similar threads

A
Question Upgrade Almalinux 8 to 9 with Plesk installed
Replies
2
Views
362
ansgar
A
H
Issue Plesk Firewall issues installing
Replies
2
Views
684
Huey Tinman
H
Lenny
Resolved Seeking Assistance with API Communication Issues via SSL on Plesk
Replies
4
Views
658
Lenny
Lenny
I
Issue Unable to install Extensions or update plesk
Replies
4
Views
1K
Maarten.
M
A
Question Plesk Obsidian migration from Centos 7 to Debian 10
Replies
2
Views
2K
ArchanfelHUN
A
Back
Top