What about security-issues in Plesk-RPMs?

Discussion in 'Plesk for Linux - 8.x and Older' started by zeeman, Aug 1, 2006.

  1. zeeman

    zeeman Guest


    I've got a question regarding the RPMs installed by the PSA-setup (I use SuSE10 OSS):

    The setup installs a lot of RPMs that are not in the SuSE-packagetree.

    What happens if there's a security hole in one of these packages?
    I'm not talking about distro-packages like OpenSSH or so!

    For example, what happens if the psa-courier-imap-rpm has a security hole?
    Will Swsoft deliver an updated rpm?
    Do I have to update the package on my own?
    If I have to update the package on my own, where do I get additional information like used patches, installation-prefix and so on?
  2. Who-m3

    Who-m3 Guest

    The most recent security update SW-Soft released was related to Horde's security flaw. Shortly after the public notice was out, pressure hit SWSoft to update the RPMs made available to Plesk 8 users (as we use "custom" versions of Horde). Within two days, if I remember correctly, an update was available with a hotfix to Plesk that was supposed to fix a few other bugs as well. Horde's security issue was resolved, other plesk issues still exist...but that's a different story.

    Major issues w/plesk security seem to be addressed fairly quickly from what I see. Now, that's just with the RPMs that SW-Soft has specific control over (such as the aforementioned psa-courier-imap, psa-horde, etc.). Things like httpd, openssh, etc., they don't manage, and they don't worry about. They follow the policy of "it's your box to administer, you do your job". Fairly simple, but a pain at the same time...

    Anyway, that's my two pennies, and that's about all it's worth.. Hope it helps you out.
  3. zeeman

    zeeman Guest

    No question, swsoft shouldn't care about the whole packages provided by the distribution.

    I only ask for the psa-* packages installed by the plesk-installer.

    This is great info, thanks.
    But I've got a (maybe silly) question:
    How do I update the packages?
    Does this happen during the Updater in the plesk-admin-interface or do I have to start a script in a shell?
  4. Who-m3

    Who-m3 Guest

    The Plesk Updater (Admin CP -> Server -> Updater -> Plesk Version -> it'll actually highlight the updates available...)