Article ID: 121003, created on Apr 10, 2014, last review on May 11, 2014

  • Applies to:
  • Virtuozzo hypervisor 5.0
Synopsis:          The new Parallels Server Bare Metal 5.0 tools update provides
  a security fix.
Issue date:        2014-04-10
Product:           Parallels Server Bare Metal 5.0
Keywords:          'security'
1. What's Included in This Update
The new packages for Parallels Server Bare Metal 5.0 provide a user-level tool
fix for the 'Heartbleed' security issue.
2. Problem description
This update fixes the following issue:
- The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not
  properly handle Heartbeat Extension packets, which allows remote attackers to
  obtain sensitive information from process memory via crafted packets that
  trigger a buffer over-read, as demonstrated by reading private keys, related
  to d1_both.c and t1_lib.c, aka the Heartbleed bug. (CVE-2014-0160)
All Parallels Server Bare Metal 5.0 users are advised to update tools packages
and reboot servers.
3. Installing the update
You can download and install this update using the vzup2date utility included in
the Parallels Server Bare Metal 5.0 distribution set.
4. References
Copyright (c) 1999-2014 Parallels IP Holdings GmbH and its affiliates.
All rights reserved.

c662da62f00df94fd77ba7a2c9eff4b4 2897d76d56d2010f4e3a28f864d69223 a26b38f94253cdfbf1028d72cf3a498b

Email subscription for changes to this article
Save as PDF