Critical Security Patch - Plesk 10.3.1

Discussion in 'Parallels Plesk Panel 10.x for Windows Problems, Suggested Fixes, and How-To' started by ScottT, Feb 10, 2012.

  1. ScottT

    ScottT New Member

    Messages:
    66
    Hello,

    The critical security patch notification released 2/9/2012 suggests updating to Plesk 10.3.1 MicroUpdate #6 or later to resolve the vulnerability. My version of Plesk does not list MicroUpdate number. Instead Plesk gives this version: psa v10.3.1_build20110630.16. Is my version of Plesk vulnerable? Where do I find MicroUpdate number in Plesk 10.3.1? Thank you.
    Last edited: Feb 10, 2012
  2. rick.pri

    rick.pri New Member

    Messages:
    34
    Hmmm, I'd like to know the answer to this too. I'd also like to know, if this is only a risk to Plesk Panel if access to the the control panel is publicly available.
  3. IgorG

    IgorG Parallels Team

    Messages:
    16,003
  4. ScottT

    ScottT New Member

    Messages:
    66
    These instruction are for linux/unix. How do I find microupdate# in Windows?
  5. IgorG

    IgorG Parallels Team

    Messages:
    16,003
    Look at C:\PleskInstaller\microupdates.xml
  6. ScottT

    ScottT New Member

    Messages:
    66
    My server does not have a PleskInstaller directory. I located microupdates.xml in another directory. Here are the contents:

    <?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
    <patches>
    <product id="panel" version="10.3.1">
    <patch version="10" timestamp="" />
    </product>
    </patches>


    So, it appears I have MU #10 and my server is not vulnerable. Thanks for your help.
    Last edited: Feb 14, 2012
  7. IgorG

    IgorG Parallels Team

    Messages:
    16,003

Share This Page