
Article ID: 120996, created on Apr 10, 2014, last review on Jul 14, 2018

  • Applies to:
  • Plesk Automation


The OpenSSL group issued a vulnerability alert on April 7, 2014. You can find more information about CVE-2014-0160 at the OpenSSL website and at How to update OpenSSL?

This affects almost all services that depend on OpenSSL (especially Apache-based ones) on systems created using one of the following distributions:

  • Debian Wheezy (stable) (vulnerable OpenSSL 1.0.1e-2+deb7u4, fixed in OpenSSL 1.0.1e-2+deb7u5)
  • Ubuntu 13.10 (vulnerable OpenSSL 1.0.1e-3ubuntu1.1, fixed in OpenSSL 1.0.1e-3ubuntu1.2)
  • Ubuntu 12.10 (vulnerable OpenSSL 1.0.1c-3ubuntu2.6, fixed in OpenSSL 1.0.1c-3ubuntu2.7)
  • Ubuntu 12.04.4 LTS (vulnerable OpenSSL 1.0.1-4ubuntu5.11, fixed in OpenSSL 1.0.1-4ubuntu5.12)

    The package version for Debian/Ubuntu can be checked using the command:

    ~# dpkg -l openssl
  • RedHat, CentOS, CloudLinux 6.5 (vulnerable OpenSSL 1.0.1e-16.el6_5.4, fixed in OpenSSL 1.0.1e-16.el6_5.7)
  • Fedora 18 (OpenSSL 1.0.1e-4 without update: Fedora 18 is no longer supported)
  • Fedora 19 (fixed in OpenSSL 1.0.1e-37.fc19.1)
  • Fedora 20 (fixed in OpenSSL 1.0.1e-37.fc20.1)
  • OpenSUSE 12.2 (vulnerable OpenSSL 1.0.1c, fixed in OpenSSL 1.0.1e-1.44.1)
  • OpenSUSE 13.1 (fixed in OpenSSL 1.0.1e-11.32.1)

    The package version for Redhat/CentOS and OpenSUSE can be checked using the command:

    ~# rpm -q openssl

OpenSSL 0.97a and 0.98e (in RedHat/CentOS 5) are not vulnerable. According to RHSA-2014-0376, only Redhat 6.5 has a vulnerable version of OpenSSL.

Debian Squeeze is not vulnerable, as stated in Debian Security Advisory DSA-2896.

Other supported Ubuntu releases are not vulnerable, as per Ubuntu Security Notice USN-2165-1.

Fedora is changing rapidly, and the status of the issue is available in the Fedora Magazine article.

Fixes for OpenSUSE are provided in OpenSUSE Security Announcement openSUSE-SU-2014:0492-1.


Instructions to update OpenSSL on the Management Node and Service Nodes are the same as described for Parallels Automation, with small differences.

The instruction for Parallels Plesk Automation is the following:

  1. Update OpenSSL on Online Store, Parallels Plesk Automation Billing Application, and Parallels Plesk Automation Billing Database servers that are deployed on RHEL/CentOS 6.

  2. Update OpenSSL on all Parallels Plesk Automation nodes that are deployed on RHEL/CentOS 6:

    ~# yum clean all; yum update openssl*
  3. Restart Parallels Plesk Automation CP and services running on Management Node that are deployed on RHEL/CentOS 6:

    ~# /etc/init.d/ppa restart
  4. Reboot Parallels Plesk Automation slave nodes that are deployed on RHEL/CentOS 6 to restart all services which use OpenSSL.
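
Steps 3 and 4 matter because a running service keeps the old, vulnerable library mapped until it is restarted, even after the package is updated. The following check is an added example, not part of the original article or of Parallels tooling: it lists processes that still map a deleted `libssl` or `libcrypto`. The function name `stale_openssl_pids` and the `--scan` argument are hypothetical, and the check assumes the standard Linux `/proc` layout.

```shell
#!/bin/sh
# Added example: find processes that still use the pre-update OpenSSL
# libraries, i.e. services that were not restarted after "yum update".

# stale_openssl_pids [PROC_ROOT]
# Prints "PID NAME" for every process whose memory map references a deleted
# libssl/libcrypto shared object. PROC_ROOT defaults to /proc; it is a
# parameter so the check can also be run against a copied or constructed tree.
stale_openssl_pids() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        # When a package update replaces a library, the old file is unlinked
        # and the kernel appends "(deleted)" to mappings that still use it.
        # The pattern is anchored on "libssl.so"/"libcrypto.so" so that
        # unrelated libraries such as NSS's libssl3.so are not reported.
        if grep -Eq '/lib(ssl|crypto)\.so[^ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            pid_dir="${maps%/maps}"
            pid="${pid_dir##*/}"
            # Process name from the status file ("Name:<TAB>httpd").
            name=$(sed -n 's/^Name:[[:space:]]*//p' "$pid_dir/status" 2>/dev/null) || name=""
            echo "$pid ${name:-?}"
        fi
    done
}

# Run as root with "--scan" to check the live system.
if [ "${1:-}" = "--scan" ]; then
    stale_openssl_pids
fi
```

Empty output after the restart and reboot steps means no running process is still holding the old library; any PID listed belongs to a service that must be restarted.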

Password Changes

It is highly recommended to change passwords for administrative staff after the update is finished.

SSL Certificate Revocations

We encourage all Parallels Business Automation Standard customers to revoke and reissue SSL certificates for at least the Store and CP domains. The procedure for revoking and reinstalling SSL certificates is outside the scope of this document.

See also

  • KB #121016 - summary article for all Parallels products
