Feb 10, 2012, 08:06 AM
Critical Security Patch - Plesk 10.3.1
The critical security patch notification released 2/9/2012 suggests updating to Plesk 10.3.1 MicroUpdate #6 or later to resolve the vulnerability. My version of Plesk does not list MicroUpdate number. Instead Plesk gives this version: psa v10.3.1_build20110630.16. Is my version of Plesk vulnerable? Where do I find MicroUpdate number in Plesk 10.3.1? Thank you.
Last edited by ScottT; Feb 10, 2012 at 11:12 AM.
Feb 10, 2012, 10:19 AM
Hmmm, I'd like to know the answer to this too. I'd also like to know, if this is only a risk to Plesk Panel if access to the the control panel is publicly available.
Feb 10, 2012, 10:11 PM
You can find number of installed microupdate with following command:
# cat /root/.autoinstaller/microupdates.xml
It is described in KB article Using Micro-Updates in Parallels Plesk Panel 9.x, 10.x, and Parallels Small Business Panel
Feb 13, 2012, 12:03 PM
These instruction are for linux/unix. How do I find microupdate# in Windows?
Feb 14, 2012, 12:26 AM
Look at C:\PleskInstaller\microupdates.xml
Feb 14, 2012, 09:34 AM
My server does not have a PleskInstaller directory. I located microupdates.xml in another directory. Here are the contents:
<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<product id="panel" version="10.3.1">
<patch version="10" timestamp="" />
So, it appears I have MU #10 and my server is not vulnerable. Thanks for your help.
Last edited by ScottT; Feb 14, 2012 at 09:36 AM.
Feb 14, 2012, 11:45 PM
Yes, you have installed this microupdate - http://kb.parallels.com/en/112463
Tags for this Thread