The Parallels Business Automation - Standard (PBA-S) installations deployed on
CentOS 6, 64-bit system are potentially vulnerable.
Update OpenSSL package on PBA-S node:
~# yum clean all
~# yum update "openssl*"
Restart PBA-S and Apache services:
~# /etc/init.d/hspcd restart
~# /etc/init.d/httpd restart
It is highly recommended to change passwords for administrative staff after update is finished.
SSL Certificate Revocations
We encourage all PBAS customers to revoke and reissue SSL certificates for at least Store and CP domains. The procedure of revocation and reinstallation of SSL certificates is out of the scope of this document.
After updating, please additionally check all public HTTPS endpoints of PBAS using the SSLLabs service: https://www.ssllabs.com/ssltest/.
The output of the test should include a row similar to this:
This server is not vulnerable to the Heartbleed attack. (Experimental)
KB #121016 - summary article for all Parallels products
KB #113391 - Plesk Mass Password Reset Script