Vulnerabilities with a vendor released fix can be fixed by installing the updated package(s). You may use any of the methods below.
The Imunify QuickPatch+ version allows you to select and fix vulnerabilities through its user interface, or automatically fix vulnerabilities through a daily task.
Plesk Onyx includes a System Updates manager for updating packages. This interface can be accessed using the icon in the extension or by navigating the Plesk UI to Tools & Settings => Server Management => System Updates.
One or more packages may be updated by name using the server command line (e.g., bash shell). To execute these commands log in as root or run the commands using sudo.
RedHat or CentOS
Use the yum package manager to upgrade vulnerable packages. You may upgrade one or more packages by name (without the version/release). For example, to upgrade the openssl and git packages:
Ubuntu or Debian
Use the apt package manager to upgrade vulnerable packages. There are two steps: 1) updating the package manager cache to get the latest information about available packages; and 2) upgrading packages. For example, to upgrade the openssl and git packages:
A general system update, which updates all installed packages, including kernel packages, may also be performed using the server command line. This typically requires a system reboot. To execute these commands log in as root or run the commands using sudo.
RedHat or CentOS Use the yum package manager to upgrade all currently installed packages:
Ubuntu or Debian Use the apt package manager to upgrade all currently installed packages:
Complete documentation for the yum and apt-get commands can be found online, and should be reviewed for a more detailed explanation of their operation.
If a vulnerability has no published fix (no package update which fixes the vulnerability), and you do not want to wait for such a fix, you may be able to mitigate the vulnerability through other means, such as changing package configuration files (e.g., to disable a particular cipher in SSL). You will need to research a particular vulnerability to determine if this is possible. More detailed information is outside the scope of this document.