Results 1 to 7 of 7

Thread: Critical Security Patch - Plesk 10.3.1

  1. #1
    Kilo Poster
    Join Date
    Oct 2006
    Posts
    66

    Default Critical Security Patch - Plesk 10.3.1

    Hello,

    The critical security patch notification released 2/9/2012 suggests updating to Plesk 10.3.1 MicroUpdate #6 or later to resolve the vulnerability. My version of Plesk does not list MicroUpdate number. Instead Plesk gives this version: psa v10.3.1_build20110630.16. Is my version of Plesk vulnerable? Where do I find MicroUpdate number in Plesk 10.3.1? Thank you.
    Last edited by ScottT; Feb 10, 2012 at 10:12 AM. Reason: Clarity



  2. #2
    Kilo Poster
    Join Date
    Feb 2009
    Posts
    34

    Default

    Hmmm, I'd like to know the answer to this too. I'd also like to know, if this is only a risk to Plesk Panel if access to the the control panel is publicly available.



  3. #3
    Parallels Team IgorG's Avatar
    Join Date
    Oct 2009
    Location
    Novosibirsk, Russia
    Posts
    15,383

    Default

    You can find number of installed microupdate with following command:

    # cat /root/.autoinstaller/microupdates.xml

    It is described in KB article Using Micro-Updates in Parallels Plesk Panel 9.x, 10.x, and Parallels Small Business Panel



  4. #4
    Kilo Poster
    Join Date
    Oct 2006
    Posts
    66

    Default

    These instruction are for linux/unix. How do I find microupdate# in Windows?



  5. #5
    Parallels Team IgorG's Avatar
    Join Date
    Oct 2009
    Location
    Novosibirsk, Russia
    Posts
    15,383

    Default

    Look at C:\PleskInstaller\microupdates.xml



  6. #6
    Kilo Poster
    Join Date
    Oct 2006
    Posts
    66

    Default

    My server does not have a PleskInstaller directory. I located microupdates.xml in another directory. Here are the contents:

    <?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
    <patches>
    <product id="panel" version="10.3.1">
    <patch version="10" timestamp="" />
    </product>
    </patches>


    So, it appears I have MU #10 and my server is not vulnerable. Thanks for your help.
    Last edited by ScottT; Feb 14, 2012 at 08:36 AM.



  7. #7
    Parallels Team IgorG's Avatar
    Join Date
    Oct 2009
    Location
    Novosibirsk, Russia
    Posts
    15,383

    Default

    Yes, you have installed this microupdate - http://kb.parallels.com/en/112463



Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •