Archive for the tag 'openssl'

Still cleaning up after the Heartbleed debacle, OpenSSL is issuing fixes for several vulnerabilities, one of them exploitable to run arbitrary code on the client or server.

Unlike Heartbleed, which had been introduced into the program not long before, this bug affects all versions of OpenSSL, including those that were patched to fix Heartbleed.

The attack can only be performed between a vulnerable client *and* server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1.

All client versions of OpenSSL are vulnerable. The bug was reported to OpenSSL on May 1 via JPCERT/CC.

OpenSSL provides this advice:

  • OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za
  • OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m
  • OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h

Non-OpenSSL clients (IE, Firefox, Chrome on Desktop and iOS, Safari, etc.) aren’t affected. Nonetheless, all OpenSSL users should update.
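To check a host against the fixed releases listed above, the following added example (not part of the original post) compares an OpenSSL version string with the fixed release for its branch. The function names `patch_rank` and `check_openssl` and the sample version strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify an OpenSSL version string against the fixed
# releases named in the advisory text (0.9.8za, 1.0.0m, 1.0.1h).

# patch_rank SUFFIX: numeric rank of an OpenSSL letter suffix.
# "" = 0, a = 1 ... z = 26, za = 27, zb = 28 (letters are summed).
patch_rank() {
    s=$1
    rank=0
    while [ -n "$s" ]; do
        c=${s%"${s#?}"}              # first character of s
        s=${s#?}                     # remainder
        n=$(printf '%d' "'$c")       # ASCII code of the letter
        rank=$((rank + n - 96))
    done
    echo "$rank"
}

# check_openssl VERSION: prints patched, vulnerable or unlisted.
# Accepts a bare version ("1.0.1e") or a full `openssl version` line.
check_openssl() {
    v=$1
    case $v in
        OpenSSL\ *) v=${v#OpenSSL }; v=${v%% *} ;;
    esac
    v=${v%%-*}                       # drop tags such as -fips or -beta1
    base=$(printf '%s' "$v" | sed 's/[a-z]*$//')
    suffix=${v#"$base"}
    case $base in
        0.9.8) fixed=za ;;
        1.0.0) fixed=m ;;
        1.0.1) fixed=h ;;
        *) echo unlisted; return 0 ;;   # no fixed release given for this branch
    esac
    if [ "$(patch_rank "$suffix")" -ge "$(patch_rank "$fixed")" ]; then
        echo patched
    else
        echo vulnerable
    fi
}

# Constructed sample inputs; on a real host pass "$(openssl version)".
for v in 0.9.8y 0.9.8za 1.0.0m "OpenSSL 1.0.1e-fips 11 Feb 2013" 1.0.2-beta1; do
    printf '%-34s %s\n' "$v" "$(check_openssl "$v")"
done
```

On CentOS and other distributions that backport fixes, the upstream version string does not change when the package is patched, so a `vulnerable` result there should be confirmed against the package changelog (`rpm -q --changelog openssl`).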

If you would like to have this vulnerability patched, please purchase a 1x Hour of Support plan.

Don’t hesitate to contact us with any questions you may have through our Contact Form page or LiveChat!

Latest update of openssl breaks Parallels Panel

Latest update of the openssl package from CentOS breaks Parallels Panel 9.x. Errors are displayed in the /var/log/sw-cp-server/error_log file when Panel is trying to start.

The problem has been fixed since version 9.5.0.

Download the appropriate package using the wget utility. Example for CentOS 5 x86:

# wget -c http://kb.parallels.com/Attachments/12669/Attachments/sw-cp-server-1.0-6.201004011105.centos5.i386.rpm

Install the downloaded package. Example for CentOS 5 x86:

# rpm -Uhv sw-cp-server-1.0-6.201004011105.centos5.i386.rpm

Reference: http://kb.parallels.com/