Release Notes for Updates Issued for Parallels Plesk Panel 9.x for Linux Systems

Contents

  1. Introduction
  2. What's New
    1. Parallels Plesk Panel 9.5.4 MU #29 [25-Jun-2013]
    2. Parallels Plesk Panel 9.5.4 MU #28 [12-Apr-2013]
    3. Parallels Plesk Panel 9.5.4 MU #27 [01-Nov-2012]
    4. Parallels Plesk Panel 9.5.4 MU #26 [25-Oct-2012]
    5. Parallels Plesk Panel 9.5.4 MU #25 [09-Oct-2012]
    6. Parallels Plesk Panel 9.5.4 MU #24 [04-Oct-2012]
    7. Parallels Plesk Panel 9.5.4 MU #23 [10-Sep-2012]
    8. Parallels Plesk Panel 9.5.4 MU #21 [15-Jul-2012]
    9. Parallels Plesk Panel 9.5.4 MU #19 [27-Mar-2012]
    10. Parallels Plesk Panel 9.5.4 MU #18 [14-Mar-2012]
    11. Parallels Plesk Panel 9.5.4 MU #17 [08-Feb-2012]
    12. Parallels Plesk Panel 9.5.4 MU #16 [26-Dec-2011]
    13. Parallels Plesk Panel 9.5.4 MU #15 [21-Dec-2011]
    14. Parallels Plesk Panel 9.5.4 MU #14 [19-Dec-2011]
    15. Parallels Plesk Panel 9.5.4 MU #13 [05-Dec-2011]
    16. Parallels Plesk Panel 9.5.4 MU #11 [02-Sep-2011]
    17. Parallels Plesk Panel 9.5.4 MU #10 [27-Jul-2011]
    18. Parallels Plesk Panel 9.5.4 MU #9 [26-Jul-2011]
    19. Parallels Plesk Panel 9.5.4 MU #6 [16-Jun-2011]
    20. Parallels Plesk Panel 9.5.4 MU #5 [06-Apr-2011]
    21. Parallels Plesk Panel 9.5.4 MU #4 [17-Feb-2011]
    22. Parallels Plesk Panel 9.5.4 MU #1 [14-Jan-2011]
    23. Parallels Plesk Panel 9.5.3 MU #3 [14-Jan-2011]
    24. Parallels Plesk Panel 9.5.3 MU #1 [11-Nov-2011]
    25. Parallels Plesk Panel 9.5.2 MU #10 [06-Apr-2011]
    26. Parallels Plesk Panel 9.5.2 MU #7 [14-Jan-2011]
    27. Parallels Plesk Panel 9.5.2 MU #6 [11-Nov-2011]
    28. Parallels Plesk Panel 9.5.2 MU #4 [21-Jul-2011]
    29. Parallels Plesk Panel 9.5.2 MU #3 [27-Jun-2010]
    30. Parallels Plesk Panel 9.5.2 MU #2 [11-Jun-2010]
    31. Parallels Plesk Panel 9.5.2 MU #1 [17-May-2010]
    32. Parallels Plesk Panel 9.5.1 MU #1 [18-May-2010]
    33. Parallels Plesk Panel 9.3.0 MU #9 [06-Apr-2011]
    34. Parallels Plesk Panel 9.3.0 MU #7 [12-Jan-2011]
    35. Parallels Plesk Panel 9.3.0 MU #6 [11-Aug-2010]
    36. Parallels Plesk Panel 9.3.0 MU #5 [23-Jul-2010]
    37. Parallels Plesk Panel 9.3.0 MU #4 [23-Jun-2010]
    38. Parallels Plesk Panel 9.3.0 MU #3 [18-May-2010]
    39. Parallels Plesk Panel 9.3.0 MU #2 [01-Apr-2010]
    40. Parallels Plesk Panel 9.3.0 MU #1 [17-Feb-2010]
    41. Parallels Plesk Panel 9.2.3 MU #3 [12-Jan-2011]
    42. Parallels Plesk Panel 9.2.3 MU #2 [18-May-2010]
  3. Installation Instructions
  4. Contact Information

1. Introduction

These release notes provide information about the latest updates issued for Parallels Plesk Panel 9.x for Linux systems.

2. What's New

Parallels Plesk Panel 9.5.4 MU #29 [25-Apr-2013]

[-]  Fixed moderate security issue with leak of sensitive information. The issue can be exploited by authenticated users only. Authenticated users are users that have logins to Parallels Plesk Panel (such as your customers, resellers, or your employees). This MU is strongly recommended for all Parallels Plesk Panel users.

Parallels Plesk Panel 9.5.4 MU #28 [12-Apr-2013]

[-]  Fixed moderate security issue with privilege escalation. Parallels Plesk Panel versions 9.x-11.x with Apache web server running mod_php, mod_perl, mod_python, etc. is vulnerable to authenticated user privilege escalation. Authenticated users are users that have login to Parallels Plesk Panel (such as f.e. your customers, resellers, or your employees). Parallels Plesk Panel instances with Apache web server configured with Fast CGI (PHP, perl, python, etc) or CGI (PHP, perl, python, etc) are NOT vulnerable. More details in article Public issues VU#310500 and CVE-2013-0132, CVE-2013-0133. This MU is recommended for all Parallels Plesk Panel users.

Parallels Plesk Panel 9.5.4 MU #27 [01-Nov-2012]

[-]  Critical security enhancement. Removal of malware which is possible to exploit without authenticating. Infected nodes might be known to and exploited by hackers.

Parallels Plesk Panel 9.5.4 MU #26 [25-Oct-2012]

[-]  Critical security enhancement. Removal of malware which is possible to exploit without authenticating. Infected nodes might be known to and exploited by hackers.

Parallels Plesk Panel 9.5.4 MU #25 [09-Oct-2012]

[-]  PCI compliance scanners are failing because Courier IMAP is not PCI compliant. (119969)

[*]  Parallels Autoinstaller has been updated to version 3.12.0.

Parallels Plesk Panel 9.5.4 MU #24 [04-Oct-2012]

[-]  Major security fixes.

Parallels Plesk Panel 9.5.4 MU #23 [10-Sep-2012]

[*]  Major security enhancements.

Parallels Plesk Panel 9.5.4 MU #21 [15-Jul-2012]

[-]  Includes functional fixes, stability improvements, and security updates - including for third-party products.

[-]  By applying this new MicroUpdate, all previous MicroUpdates will also be applied (including those part of the most recent advisory http://kb.parallels.com/113321 )

[-]  Independent of this update Parallels is aware of the unsubstantiated claims of a Security Vulnerability in Parallels Plesk Panel version 10.4 and earlier http://kb.parallels.com/en/114330 . After deep investigation, Parallels has been unable to substantiate any claims of this vulnerability. All reported issues have been traced back to the vulnerability from February that was resolved at that time with http://kb.parallels.com/113321

[-]  Parallels highly advises that this latest MicroUpdate and all previous are installed to insure that your environments are current on all fixes.

Parallels Plesk Panel 9.5.4 MU #19 [27-Mar-2012]

[-]   Fixed moderate security issue in Courier IMAP server (#79692).

Parallels Plesk Panel 9.5.4 MU #18 [14-Mar-2012]

[-]  XSS vulnerability in Horde.

Parallels Plesk Panel 9.5.4 MU #17 [08-Feb-2012]

[-]  XSS vulnerability in Horde.

Parallels Plesk Panel 9.5.4 MU #16 [26-Dec-2011]

[-]  Plesk 9.5.4 MU15 can't be applied correctly.

Parallels Plesk Panel 9.5.4 MU #15 [21-Dec-2011]

[-]  Changes in DrWeb configuration which define operation with errors during scanning messages.

Parallels Plesk Panel 9.5.4 MU #14 [19-Dec-2011]

[-]  Dr.Web blocks messages with "read error" during email scanning.

Parallels Plesk Panel 9.5.4 MU #13 [05-Dec-2011]

[-]  ProFTPD Response Pool Use-After-Free Vulnerability fixed.

Parallels Plesk Panel 9.5.4 MU #11 [02-Sep-2011]

[-]  SQL injection vulnerability fixed.

Parallels Plesk Panel 9.5.4 MU #10 [27-Jul-2011]

[*]  Plesk Updates page changed to use autoinstaller's native GUI.

[-]  Apache configuration file is not updated when a client changes SSL certificate.

[-]  Applications shown as belonging to other domains are displayed in 'Full Report' of domain.

[-]  Client is able to add DNS record to server DNS template.

[-]  CNAME record in DNS template is ignored at domain creating.

[-]  SPF doesn't check TXT record of sender's domain if SPF record is absent. Fix is not available for Fedora Core 4 x64, SuSE 10.3 x64 and Ubuntu 7.10 x64.

[-]  PHP fatal error on web users page in some different conditions.

Parallels Plesk Panel 9.5.4 MU #9 [26-Jul-2011]

[*]  Autoinstaller has been updated to version 3.10.0.

Parallels Plesk Panel 9.5.4 MU #6 [16-Jun-2011]

[-]  Multiple XSS vulnerabilities in Plesk were fixed.

[-]  Plesk vulnerability that allows to call some API-RPC methods without permissions enough for their execution was fixed


Parallels Plesk Panel 9.5.4 MU #5 [06-Apr-2011]

[-]  Qmail-TLS STARTTLS protocol plaintext command injection vulnerability fixed.


Parallels Plesk Panel 9.5.4 MU #4 [17-Feb-2011]

[-]  Migration between Plesk servers failed as free disk space on a target server was not calculated correctly.


Parallels Plesk Panel 9.5.4 MU #1 [14-Jan-2011]

[-]  When the Statistics page was requested in Watchdog, the following error occurred: "Internal error: failed to adjust system time in accordance with daylight savings time change".


Parallels Plesk Panel 9.5.3 MU #3 [14-Jan-2011]

[-]  When the Statistics page was requested in Watchdog, the following error occurred: "Internal error: failed to adjust system time in accordance with daylight savings time change".


Parallels Plesk Panel 9.5.3 MU #1 [11-Nov-2011]

[-] Security vulnerability in ProFTPD which allowed unauthenticated attackers to execute remote code and compromise a server was fixed.


Parallels Plesk Panel 9.5.2 MU #10 [06-Apr-2011]

[-]  Qmail-TLS STARTTLS protocol plaintext command injection vulnerability fixed.


Parallels Plesk Panel 9.5.2 MU #7 [14-Jan-2011]

[-]  When the Statistics page was requested in Watchdog, the following error occurred: "Internal error: failed to adjust system time in accordance with daylight savings time change".


Parallels Plesk Panel 9.5.2 MU #6 [11-Nov-2011]

[-] Security vulnerability in ProFTPD which allowed unauthenticated attackers to execute remote code and compromise a server was fixed.


Parallels Plesk Panel 9.5.2 MU #4 [21-Jul-2011]

[-] AWStats did not log all website visits. This issue was resolved.


Parallels Plesk Panel 9.5.2 MU #3 [27-Jun-2010]

[-] Opening website hosting settins page could take several minutes. This issue was resolved.


Parallels Plesk Panel 9.5.2 MU #2 [11-Jun-2010]

[-] On openSUSE 11.1 64-bit, after openssl and curl packages were updated, the Panel could no longer retrieve license keys from the licensing server. This issue was resolved.


Parallels Plesk Panel 9.5.2 MU #1 [17-May-2010]

[-] A user logged in as a reseller could browse the list of customers (client accounts) in the administrator's panel. This issue was resolved.


Parallels Plesk Panel 9.5.1 MU #1 [18-May-2010]

[-] A user logged in as a reseller could browse the list of customers (client accounts) in the administrator's panel. This issue was resolved.


Parallels Plesk Panel 9.3.0 MU #9 [06-Apr-2011]

[-]  Qmail-TLS STARTTLS protocol plaintext command injection vulnerability fixed.


Parallels Plesk Panel 9.3.0 MU #7 [12-Jan-2011]

[-]  When the Statistics page was requested in Watchdog, the following error occurred: "Internal error: failed to adjust system time in accordance with daylight savings time change".


Parallels Plesk Panel 9.3.0 MU #6 [11-Aug-2010]

[-] Migration from Plesk 9.2.3 failed with an error "pmm utility 'plesk_agent_manager' raised an exception. Error code is: 1". This issue was resolved.


Parallels Plesk Panel 9.3.0 MU #5 [23-Jul-2010]

[-] AWStats did not log all website visits. This issue was resolved.


Parallels Plesk Panel 9.3.0 MU #4 [23-Jun-2010]

[-] Opening website hosting settins page could take several minutes. This issue was resolved.


Parallels Plesk Panel 9.3.0 MU #3 [18-May-2010]

[-] A user logged in as a reseller could browse the list of customers (client accounts) in the administrator's panel. This issue was resolved.


Parallels Plesk Panel 9.3.0 MU #2 [01-Apr-2010]

[-] On CentOS and RedHat Enterprise Linux systems, the Panel failed to start after installation of the openssl package update from RedHat. This issue was resolved.


Parallels Plesk Panel 9.3.0 MU #1 [17-Feb-2010]

[-] If a website was set up with the same domain name as the server's host name, the messages sent to postmaster@HOSTNAME could cause mail loop and disruption of mail services. This issue was resolved.


Parallels Plesk Panel 9.2.3 MU #3 [12-Jan-2011]

[-]  When the Statistics page was requested in Watchdog, the following error occurred: "Internal error: failed to adjust system time in accordance with daylight savings time change".


Parallels Plesk Panel 9.2.3 MU #2 [18-May-2010]

[-] A user logged in as a reseller could browse the list of customers (client accounts) in the administrator's panel. This issue was resolved.


Legend:

Legend:

[+] new feature

[-] bug resolved

[*] bug resolved and functionality improved


3. Installation Instructions

For instructions on installing updates, refer to http://kb.parallels.com/en/9294.

4. Contact Information

Parallels Headquarters
500 SW 39th Street Suite 200
Renton, WA 98057 USA
Phone: +1 (425) 282 6400, Fax: +1 (425) 282 6444
http://www.parallels.com

To purchase licenses for Parallels software, contact your vendor, or call the Parallels sales team. The phone numbers are listed at http://www.parallels.com/contact/.
For technical support, use our Online Support Form.
For billing information, send e-mail to accounting@parallels.com
To report problems with Parallels Panel software, send e-mail to bugreport@parallels.com
For information on career opportunities with Parallels, send e-mail to careers@parallels.com
For press contact information, send e-mail to press@parallels.com
For information about becoming a partner, send e-mail to partners@parallels.com
For information on translating Parallels Panel into your language, send e-mail to i18n@parallels.com
For general product information, send e-mail to info@parallels.com

Copyright © 1999-2010 Parallels.

Patented hosting technology is protected by U.S.Patents 7,099,948; 7,076,633.
Patents pending in the U.S.