[Hub] OpenSSL vulnerability in 1.0.1 CVE-2014-0160

Refers to:

  • Plesk 11.0 for Linux

Created:

2016-11-16 13:13:33 UTC

Modified:

2016-12-21 20:13:59 UTC


Information

The OpenSSL group issued a vulnerability alert on April 7, 2014. You can find more information about CVE-2014-0160 at the OpenSSL website and at http://heartbleed.com/.

The vulnerability affects almost all services that depend on OpenSSL (especially Apache-based ones) on systems built on one of the following distributions:

  • Debian Wheezy (stable) (vulnerable OpenSSL 1.0.1e-2+deb7u4, fixed in OpenSSL 1.0.1e-2+deb7u5)

  • Ubuntu 13.10 (vulnerable OpenSSL 1.0.1e-3ubuntu1.1, fixed in OpenSSL 1.0.1e-3ubuntu1.2)

  • Ubuntu 12.10 (vulnerable OpenSSL 1.0.1c-3ubuntu2.6, fixed in OpenSSL 1.0.1c-3ubuntu2.7)

  • Ubuntu 12.04.4 LTS (vulnerable OpenSSL 1.0.1-4ubuntu5.11, fixed in OpenSSL 1.0.1-4ubuntu5.12)

The package version for Debian/Ubuntu can be checked using the command:

~# dpkg -l openssl

  • RedHat, CentOS, CloudLinux 6.5 (vulnerable OpenSSL 1.0.1e-16.el6_5.4, fixed in OpenSSL 1.0.1e-16.el6_5.7)

  • Fedora 18 (OpenSSL 1.0.1e-4 without update: Fedora 18 is no longer supported)

  • Fedora 19 (fixed in OpenSSL 1.0.1e-37.fc19.1)

  • Fedora 20 (fixed in OpenSSL 1.0.1e-37.fc20.1)

  • OpenSUSE 12.2 (vulnerable OpenSSL 1.0.1c, fixed in OpenSSL 1.0.1e-1.44.1)

  • OpenSUSE 13.1 (fixed in OpenSSL 1.0.1e-11.32.1)

The package version for RedHat/CentOS and OpenSUSE can be checked using the command:

~# rpm -q openssl
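
The Debian/Ubuntu check above can be automated. The following Python code is an added example, not part of the original article: it reads `dpkg -l openssl` output and compares the installed version with the fixed versions listed above using Debian's version ordering, since a plain string comparison would rank 5.9 above 5.12. The function names and the sample `dpkg -l` line are constructed for illustration.

```python
import re
from itertools import zip_longest

FIXED = {  # fixed Debian/Ubuntu package versions, copied from the list above
    "Debian Wheezy": "1.0.1e-2+deb7u5",
    "Ubuntu 13.10": "1.0.1e-3ubuntu1.2",
    "Ubuntu 12.10": "1.0.1c-3ubuntu2.7",
    "Ubuntu 12.04.4 LTS": "1.0.1-4ubuntu5.12",
}

def _order(ch):  # dpkg order: '~' < end of run < letters < other characters
    return -1 if ch == "~" else ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    # Walk both strings as alternating (non-digit run, digit run) pairs.
    pairs_a, pairs_b = re.findall(r"(\D*)(\d*)", a), re.findall(r"(\D*)(\d*)", b)
    for (na, da), (nb, db) in zip_longest(pairs_a, pairs_b, fillvalue=("", "")):
        width = max(len(na), len(nb))
        ka = [_order(c) for c in na] + [0] * (width - len(na)) + [int(da or 0)]
        kb = [_order(c) for c in nb] + [0] * (width - len(nb)) + [int(db or 0)]
        if ka != kb:
            return -1 if ka < kb else 1
    return 0

def _split(version):  # -> (epoch, upstream version, Debian revision)
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, rev

def compare(a, b):  # -1, 0 or 1 for a < b, a == b, a > b
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def installed_version(dpkg_output, package="openssl"):
    # Version is the third column of the installed ("ii") row of `dpkg -l`.
    for line in dpkg_output.splitlines():
        cols = line.split()
        if len(cols) >= 3 and cols[0] == "ii" and cols[1].split(":")[0] == package:
            return cols[2]
    return None

def is_patched(dpkg_output, release):
    version = installed_version(dpkg_output)
    return version is not None and compare(version, FIXED[release]) >= 0

# Constructed sample of `dpkg -l openssl` output (not from the article).
SAMPLE = "ii  openssl  1.0.1e-2+deb7u4  amd64  Secure Socket Layer (SSL) binary\n"
```

Calling `is_patched(SAMPLE, "Debian Wheezy")` returns `False` for the constructed sample, because 1.0.1e-2+deb7u4 sorts below the fixed 1.0.1e-2+deb7u5.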

The following OSes are not vulnerable:

  • OpenSSL 0.97a and 0.98e (in RedHat/CentOS 5) are not vulnerable. According to RHSA-2014-0376, only RedHat 6.5 has a vulnerable version of OpenSSL.

  • Debian Squeeze is not vulnerable, as stated in Debian Security Advisory DSA-2896.

  • Other supported Ubuntu releases are not vulnerable, as per Ubuntu Security Notice USN-2165-1.

  • Fedora is changing rapidly, and the status of the issue is available in the Fedora Magazine article.

  • Fixes for OpenSUSE are provided in OpenSUSE Security Announcement openSUSE-SU-2014:0492-1.

Parallels products may be affected by this vulnerability. Here is the list of articles which you may refer to:

  • /120984 - Parallels Automation products
  • /120986 - Parallels Business Automation Standard
  • /213391729 - Plesk Panel family products
  • /120989 - Server Virtualization products
  • - Parallels Plesk Automation
  • - H-Sphere and Confixx