Ike.ninja

Plesk Panel 9.3.0 for Linux – Kaspersky Antivirus updated to version 8 – is available since July 28, 2011 through the Autoinstaller and vzpkg update.
Please, check http://kb.parallels.com/en/111566 for more details.

Next issues have been fixed:
[*] Plesk Updates page changed to use autoinstaller’s native GUI.
[-] Apache configuration file is not updated when a client changes SSL certificate.
[-] Applications shows as belong to other domains are displayed in ‘Full Report’ of domain.
[-] Client is able to add DNS record to server DNS template.
[-] CNAME record in DNS template is ignoring at domain creating.
[-] SPF doesn’t check TXT record of sender’s domain if SPF record is absent.
[-] PHP fatal error on web users page is some different conditions.

Update autoinstaller to version 3.10.0 to avoid problems with upgrade from 9.5.4 with Billing to 10.2 or 10.3

The following components have been updated:
Parallels Panel 10.2.0 for Linux:
Apache with SNI support updated to version 2.2.19
mod_ssl updated to version 2.2.19
MySql 5.1 updated to version 5.1.58
Parallels Panel 10.3.0 for Linux:
Apache with SNI support updated to version 2.2.19
mod_ssl updated to version 2.2.19
MySql 5.1 updated to version 5.1.58
MySql 5.5 updated to version 5.5.14

Autoinstaller has been updated to version 3.10.0 by following microupdates:
10.0.1 MU#10 for Windows
10.1.1 MU#18 for Windows
10.2.0 MU#10 for Windows

[+] Coldfusion 9 support is added.
[+] PHP 4.4.9 is included now in Parallels Plesk Panel for Windows distribution.
[+] MailEnable 5.10 is included now in Parallels Plesk Panel for Windows distribution.
[+] MySQL 5.1.56 is included now in Parallels Plesk Panel for Windows distribution.
[+] phpMyAdmin 2.11.11.3 is included now in Parallels Plesk Panel for Windows distribution.
[+] PHP 5.2.17 is included now in Parallels Plesk Panel for Windows distribution.
[+] BIND 9.7.3 is included now in Parallels Plesk Panel for Windows distribution.
[+] Kaspersky Antivirus 8 is included now in Parallels Plesk Panel for Windows distribution.
[-] Issue resolved: Reconfigurator breaks site applications data in siteapppackages and apsapplicationitems tables.
[-] Issue resolved: MSSQL user cannot access the database after migration.
[-] Issue resolved: Sometimes BIND cannot be set when creating a domain .
[-] Issue resolved: Attempt to change IP address type from exclusive to shared is ended with error: withftpmng –change-vhost-ip failed.
[-] Issue resolved: Statistics for domain will not be calculated when “www” prefix for domain is enabled.
[-] Issue resolved: AWstat statistics for domain is not calculated for some days.
[-] Issue resolved: Only one last file are exists in log’s folder after log rotation.
[-] Issue resolved: SpamAssasin adds X-SpamAssassin headers to outgoing mail if spam checking is off.
[-] Issue resolved: Reconfigurator fails on “Repair Plesk Installation -> Plesk Server Accounts” on Windows 2008.
[-] Issue resolved: Notification of finished backup is sent several times.
[-] Issue resolved: New domain is moved to default Plesk IIS application pool instead of application pool of client.
[-] Issue resolved: Multiple Plesk XSS vulnerabilities have been fixed.
[-] Issue resolved: Horde XSS vulnerability has been fixed.

The following vulnerabilities have been fixed:
PMASA-2011-5 Possible session manipulation in Swekey authentication
http://www.phpmyadmin.net/home_page/security/PMASA-2011-5.php
PMASA-2011-6 Possible code injection in setup script in case session variables are compromised
http://www.phpmyadmin.net/home_page/security/PMASA-2011-6.php
PMASA-2011-7 Regular expression quoting issue in Synchronize code
http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php
PMASA-2011-8 Possible directory traversal
http://www.phpmyadmin.net/home_page/security/PMASA-2011-8.php

The following vulnerabilities have been fixed:

PMASA-2011-5 Possible session manipulation in Swekey authentication
http://www.phpmyadmin.net/home_page/security/PMASA-2011-5.php

PMASA-2011-6 Possible code injection in setup script in case session variables are compromised
http://www.phpmyadmin.net/home_page/security/PMASA-2011-6.php

PMASA-2011-7 Regular expression quoting issue in Synchronize code
http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php

PMASA-2011-8 Possible directory traversal
http://www.phpmyadmin.net/home_page/security/PMASA-2011-8.php

The following vulnerabilities have been fixed:
PMASA-2011-5 Possible session manipulation in Swekey authentication
http://www.phpmyadmin.net/home_page/security/PMASA-2011-5.php
PMASA-2011-6 Possible code injection in setup script in case session variables are compromised
http://www.phpmyadmin.net/home_page/security/PMASA-2011-6.php
PMASA-2011-7 Regular expression quoting issue in Synchronize code
http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php
PMASA-2011-8 Possible directory traversal
http://www.phpmyadmin.net/home_page/security/PMASA-2011-8.php

Plesk Panel 9.5.4 for Linux – Kaspersky Antivirus updated to version 8 – is available since July 6, 2011 through the Autoinstaller and vzpkg update.
Please, check http://kb.parallels.com/en/111566 for more details.

[releasenotice] Plesk Panel 9.3.0 MU#10 for Linux – security fixes – is available since June 22, 2011 through the Autoinstaller
[-] Horde XSS injection
[-] Multiple XSS vulnerabilities in Plesk Panel

Plesk Panel 10.0.1 MU#7 for Linux and Windows – security fixes – is available since June 9, 2011 through the Autoinstaller
[-] phpMyAdmin XSS vulnerability http://www.securityfocus.com/bid/47945/info.
[-] SQL injection at subscription’s owner changing in Plesk Panel.
[-] Horde XSS injection.
[-] Multiple XSS vulnerabilities in Plesk Panel.
[-] sw-cp-server can be crashed by client certificate.