Fixing Vulnerabilities

Navigation:  »No topics above this level«

Fixing Vulnerabilities

Previous pageReturn to chapter overviewNext page

Vulnerabilities with a vendor released fix can be fixed by installing the updated package(s). You may use any of the methods below.

 

Imunify QuickPatch+

 

The Imunify QuickPatch+ version allows you to select and fix vulnerabilities through its user interface, or automatically fix vulnerabilities through a daily task.

 

Plesk Onyx

Plesk Onyx includes a System Updates manager for updating packages. This interface can be accessed using the plx_icon_pum icon in the extension or by navigating the Plesk UI to Tools & Settings => Server Management => System Updates.

 

Server Command Line

 

Manually Updating Specific Packages

 

One or more packages may be updated by name using the server command line (e.g., bash shell). To execute these commands log in as root or run the commands using sudo.

 

RedHat or CentOS

 

Use the yum package manager to upgrade vulnerable packages. You may upgrade one or more packages by name (without the version/release). For example, to upgrade the openssl and git packages:

 

yum upgrade openssl git

 

Ubuntu or Debian

 

Use the apt package manager to upgrade vulnerable packages. There are two steps: 1) updating the package manager cache to get the latest information about available packages; and 2) upgrading packages. For example, to upgrade the openssl and git packages:

 

apt-get update
apt-get install openssl git

 

Manual System Updates

 

A general system update, which updates all installed packages, including kernel packages, may also be performed using the server command line. This typically requires a system reboot. To execute these commands log in as root or run the commands using sudo.

 

RedHat or CentOS Use the yum package manager to upgrade all currently installed packages:

 

yum update

 

Ubuntu or Debian Use the apt package manager to upgrade all currently installed packages:

 

apt-get update
apt-get upgrade

 

Complete documentation for the yum and apt-get commands can be found online, and should be reviewed for a more detailed explanation of their operation.

 

Vulnerabilities Without a Published Fix

 

If a vulnerability has no published fix (no package update which fixes the vulnerability), and you do not want to wait for such a fix, you may be able to mitigate the vulnerability through other means, such as changing package configuration files (e.g., to disable a particular cipher in SSL). You will need to research a particular vulnerability to determine if this is possible. More detailed information is outside the scope of this document.