We have just been notified that all Plesk versions from 12.x to 17.x have a security vulnerability that allows an end user to read files belonging to the psaadm user. This makes it possible to gain access to the admin user and, for example, to execute commands as root.
Plesk, the vendor, is to publish the vulnerability on 15.4.
Until then, all Plesk servers must be updated to the latest version. Updates have also been provided for the old end-of-life 12.x versions.
How do I update my system?
Via SSH, for example: simply execute the following command as root:
For Plesk 17.x:
plesk installer update
For Plesk 12.5:
plesk installer --select-release-current --reinstall-patch --upgrade-installed-components
For Plesk 12.0:
/usr/local/psa/admin/sbin/autoinstaller --select-product-id plesk --select-release-current --reinstall-patch --install-component panel
Alternatively, you can update from within Plesk itself using the update function. The best way to do this is to log in as admin and check for updates. In this context it also makes sense to update the operating system and activate the auto-update function.
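For administrators with several servers, the following added example (not part of the original notice and not Plesk's own tooling) selects the matching command from the list above based on the installed version. It assumes the version is recorded in /usr/local/psa/version; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Plesk's own tooling: choose the update command from this
# notice that matches the installed Plesk version.
# Assumption: Plesk on Linux records its version on the first line of this
# file, e.g. "17.5.3 CentOS 7 1705170317.16" (sample value constructed here).
PLESK_VERSION_FILE="${PLESK_VERSION_FILE:-/usr/local/psa/version}"

# plesk_update_cmd VERSION_STRING
# Prints the command listed for that version. Returns 1 if the notice lists
# no command for the version, 2 if the string does not look like a version.
plesk_update_cmd() {
    ver=${1%% *}                      # drop the OS/build suffix
    case $ver in
        [0-9]*.[0-9]*) ;;
        *) return 2 ;;
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    case "$major.$minor" in
        17.*) echo "plesk installer update" ;;
        12.5) echo "plesk installer --select-release-current --reinstall-patch --upgrade-installed-components" ;;
        12.0) echo "/usr/local/psa/admin/sbin/autoinstaller --select-product-id plesk --select-release-current --reinstall-patch --install-component panel" ;;
        *) return 1 ;;                # e.g. 12.1: handle manually
    esac
}

# plesk_update_main [--apply]
# Dry run by default: prints the selected command. With --apply, runs it,
# but only as root, as the notice requires.
plesk_update_main() {
    [ -r "$PLESK_VERSION_FILE" ] || {
        echo "no Plesk version file at $PLESK_VERSION_FILE" >&2; return 3; }
    cmd=$(plesk_update_cmd "$(head -n 1 "$PLESK_VERSION_FILE")") || {
        echo "no update command listed for this version" >&2; return 1; }
    if [ "${1:-}" = "--apply" ]; then
        [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; return 4; }
        $cmd                          # word splitting is intended here
    else
        echo "would run: $cmd"
    fi
}
```

Source the file and call plesk_update_main to see the selected command; plesk_update_main --apply runs it.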