Article ID: 120986, created on Apr 9, 2014, last review on Aug 25, 2014

Applies to:

  • Odin Business Automation Standard 4.5

Information

The OpenSSL group issued a vulnerability alert on April 7, 2014. You can find more information about CVE-2014-0160 at the OpenSSL website and at http://heartbleed.com/.

Parallels Business Automation - Standard (PBA-S) installations deployed on 64-bit CentOS 6 systems are potentially vulnerable.

Resolution

  1. Update the OpenSSL package on the PBA-S node:

    ~# yum clean all
    ~# yum update "openssl*"

  2. Restart PBA-S and Apache services:

    ~# /etc/init.d/hspcd restart
    ~# /etc/init.d/httpd restart
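
To confirm that the restart in step 2 took effect, the following added example (not part of the original article or of PBA-S) lists processes that still map the replaced OpenSSL library, which `/proc/<pid>/maps` marks as `(deleted)`. The function names and the `--live` switch are assumptions made for this example, as is the expectation that the package changelog names the CVE.

```shell
#!/bin/sh
# Added example: find processes still using the pre-update libssl/libcrypto.

# Print libssl/libcrypto paths that a /proc/<pid>/maps file marks "(deleted)".
stale_ssl_maps() {
    awk '$NF == "(deleted)" && $6 ~ "/lib(ssl|crypto)[^/]*$" { print $6 }' "$1" | sort -u
}

# Print "<pid> <name> <library>" for each process under proc root $1
# (default /proc) that still maps a deleted OpenSSL library.
scan_procs() {
    sp_root="${1:-/proc}"
    for sp_maps in "$sp_root"/[0-9]*/maps; do
        [ -r "$sp_maps" ] || continue      # process exited or not readable
        sp_pid="${sp_maps%/maps}"; sp_pid="${sp_pid##*/}"
        sp_name=$(awk '/^Name:/ { print $2; exit }' \
            "$sp_root/$sp_pid/status" 2>/dev/null) || sp_name='?'
        stale_ssl_maps "$sp_maps" | while read -r sp_lib; do
            printf '%s %s %s\n' "$sp_pid" "$sp_name" "$sp_lib"
        done
    done
}

# True if the installed openssl package changelog mentions the CVE
# (assumption: the distribution changelog names the CVEs it fixes).
pkg_mentions_fix() {
    rpm -q --changelog openssl | grep -q 'CVE-2014-0160'
}

# Run as root with --live on the PBA-S node after steps 1 and 2.
if [ "${1:-}" = "--live" ]; then
    if pkg_mentions_fix; then
        echo "openssl changelog lists CVE-2014-0160"
    else
        echo "WARNING: openssl changelog does not list CVE-2014-0160"
    fi
    stale=$(scan_procs /proc)
    if [ -n "$stale" ]; then
        echo "Still using the old library (restart these):"
        echo "$stale"
    else
        echo "No process maps a deleted libssl/libcrypto"
    fi
fi
```

Any process listed here, not only `hspcd` and `httpd`, keeps running the old code until it is restarted.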

Password Changes

It is highly recommended to change passwords for administrative staff after the update is finished.

SSL Certificate Revocations

We encourage all PBAS customers to revoke and reissue SSL certificates for at least the Store and CP domains. The procedure for revoking and reinstalling SSL certificates is outside the scope of this document.

Additional Checks

After updating, please additionally check all public HTTPS endpoints of PBAS using the SSLLabs service: https://www.ssllabs.com/ssltest/.

The output of the test should include a row similar to this:

This server is not vulnerable to the Heartbleed attack. (Experimental)

See also

KB #121016 - summary article for all Parallels products

KB #113391 - Plesk Mass Password Reset Script

Search Words

Security vulnerability

OpenSSL
