Applicable to:
- Plesk for Linux
Situation
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard.
This vulnerability is registered as CVE-2019-0211.
Affected OSes
- Ubuntu 18.04;
- Ubuntu 16.04;
- Debian 9.
Red Hat Enterprise Linux / CentOS / CloudLinux are not affected (Red Hat CVE Database: CVE-2019-0211).
Debian 8 is not affected (Debian Security Bug Tracker).
Call to Action
Ubuntu 18.04, Ubuntu 16.04
According to the Ubuntu security tracker, the vulnerability has been fixed in:
- Apache 2.4.18-2ubuntu3.10 (Ubuntu 16.04)
- Apache 2.4.29-1ubuntu4.6 (Ubuntu 18.04).
Install server updates to fix the issue:
- Connect to the server via SSH;
- Run the command below:
# apt-get update && apt-get upgrade

- Go to Tools & Settings > Server Management > System Updates > Available Updates > Update All.
Debian 9
According to the Debian security tracker, the vulnerability has been fixed in Apache 2.4.25-3+deb9u7. Install server updates to fix the issue:
- Connect to the server via SSH;
- Run the command below:
# apt-get update && apt-get upgrade

- Go to Tools & Settings > Server Management > System Updates > Available Updates > Update All.
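To confirm after updating that the fixed package is really installed, the following check can be used; it is an example added here, not a script from Plesk or the distributions. The backported fixes keep the upstream numbers (2.4.18, 2.4.29, 2.4.25) that fall inside the affected 2.4.17 to 2.4.38 range, so the comparison has to be made on the full package version with dpkg. The function names and the --host switch are assumptions of this example.

```shell
#!/bin/sh
# Added example: compare the installed apache2 package with the fixed versions
# quoted in this article for CVE-2019-0211.

# Print the fixed package version for a distro ID and release (the ID and
# VERSION_ID values from /etc/os-release); fail for systems not listed above.
fixed_version_for() {
    case "$1:$2" in
        ubuntu:16.04) echo "2.4.18-2ubuntu3.10" ;;
        ubuntu:18.04) echo "2.4.29-1ubuntu4.6" ;;
        debian:9)     echo "2.4.25-3+deb9u7" ;;
        *)            return 1 ;;
    esac
}

# Print "patched", "vulnerable" or "not-listed" for distro ID $1, release $2
# and installed apache2 package version $3.
apache_status() {
    fixed=$(fixed_version_for "$1" "$2") || { echo "not-listed"; return 0; }
    # dpkg applies Debian version ordering, so revision 3.10 sorts after 3.9.
    if dpkg --compare-versions "$3" ge "$fixed"; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# Check the machine this script runs on.
check_host() {
    . /etc/os-release
    info=$(dpkg-query -W -f='${Status}|${Version}' apache2 2>/dev/null) || info=""
    case "$info" in
        "install ok installed|"*) installed=${info#*|} ;;
        *) echo "apache2 package is not installed"; return 0 ;;
    esac
    echo "$ID $VERSION_ID apache2 $installed: $(apache_status "$ID" "$VERSION_ID" "$installed")"
}

# Run the host check only when called as: sh check_apache.sh --host
if [ "${1:-}" = "--host" ]; then
    check_host
fi
```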
Comments
2 comments
Am I reading this link wrong? It seems to suggest that RHEL/CentOS would be affected, doesn't it?
https://access.redhat.com/security/cve/cve-2019-0211
Hi @Bob B,
Plesk supports RHEL 6,7 and CentOS 6,7, which are based on RHEL.
As you may see from the table from the link, they are "Not affected":