PARALLELS PLESK PANEL – SECURITY ADVISORY

Parallels Plesk Panel Customer:

Please read this message in its entirely and take the recommended actions.

On February 9, we notified you of a security vulnerability in some older versions of Parallels Plesk Panel (see below). In that notification, we recommended updating to one of several versions of Plesk where this vulnerability had already been patched.

If you have already applied the recommended update or were already running an up-to-date version, no further action is required.

For others, in order to make updating easier, especially for those providers with many Plesk instances, we have released additional "MicroUpdates" that allow for patching additional versions of Plesk without having to perform a full version upgrade.

These patches are available for:

• Plesk 10.3
• Plesk 10.2
• Plesk 10.1
• Plesk 10.0
• Plesk 9.5
• Plesk 9.3
• Plesk 9.2
• Plesk 9.0
• Plesk 8.6
• Plesk 8.4
• Plesk 8.2

Please follow our Knowledge Base article for instructions to install these patches: http://kb.parallels.com/en/113321

Parallels takes the security of our customers very seriously and encourages you to take the recommended actions as soon as possible.

Thanks,

-The Plesk Panel Team

Originally Notified on February 9, 2012:

Parallels has been informed of a SQL injection security vulnerability in some older versions of Plesk. This vulnerability is considered critical in nature and customers are advised take action quickly.

A patch has been released to resolve this vulnerability. Based on the version and operating system of Plesk you use, please follow the instructions below.

Linux

Plesk 10 - Update to Plesk 10.3.1 MicroUpdate #6 or later.
Update Instructions: here
If possible, it is recommended to update all the way to Plesk 10.4.4 to provide the most stable user experience.

Plesk 9 - Update to Plesk 9.5.4 MicroUpdate #11 or later
Update Instructions: here

Plesk 8 - Update to Plesk 8.6.0 MicroUpdate #2 or later
Update Instructions: here

Windows

Plesk 10 - Update to Plesk 10.3.1 MicroUpdate #6 or later.
Update Instructions: here
If possible, it is recommended to update all the way to Plesk 10.4.4 to provide the most stable user experience.

Plesk 9 - Apply Fix from Parallels Knowledge Base
Update Instructions: here

Plesk 8 - Apply Fix from Parallels Knowledge Base
Update Instructions: here

If you are already at or above the Version and MicroUpdate levels indicated above - you are already protected from this vulnerability.

Parallels takes the security of our customers very seriously and urges you to act quickly by applying these patches.