Article ID: 121002, created on Apr 10, 2014, last review on May 11, 2014

  • Applies to:
  • Virtuozzo 6.0
Synopsis:          The new Parallels Cloud Server 6.0 tools update provides a
  security fix.
Issue date:        2014-04-10
Product:           Parallels Cloud Server 6.0
Keywords:          'security'

1. What's Included in This Update

The new packages for Parallels Cloud Server 6.0 provide a user-level tool fix
for the 'Heartbleed' security issue.

2. Problem description

This update fixes the following issue:

- The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not
  properly handle Heartbeat Extension packets, which allows remote attackers to
  obtain sensitive information from process memory via crafted packets that
  trigger a buffer over-read, as demonstrated by reading private keys, related
  to d1_both.c and t1_lib.c, aka the Heartbleed bug. (CVE-2014-0160)

All Parallels Cloud Server 6.0 users are advised to update tools packages and
reboot servers.

3. Installing the update

You can download and install this update using the yum utility included in the
Parallels Cloud Server 6.0 distribution set.

4. References

Copyright (c) 1999-2014 Parallels IP Holdings GmbH and its affiliates.
All rights reserved.

Search Words






c62e8726973f80975db0531f1ed5c6a2 2897d76d56d2010f4e3a28f864d69223 0dd5b9380c7d4884d77587f3eb0fa8ef

Email subscription for changes to this article
Save as PDF