Article ID: 121016, created on Apr 10, 2014, last review on Jun 17, 2016

  • Applies to:
  • Operations Automation
  • Plesk 11.0 for Linux
  • Virtuozzo containers for Linux
  • H-Sphere


The OpenSSL group has issued a vulnerability alert on April 7, 2014. You can find more information about CVE-2014-0160 at the Open SSL website and at

This affects almost all services (especially Apache-based) in a system which depend on OpenSSL and those systems created using one of the following distributions:

  • Debian Wheezy (stable) (vulnerable OpenSSL 1.0.1e-2+deb7u4, fixed in OpenSSL 1.0.1e-2+deb7u5)

  • Ubuntu 13.10 (vulnerable OpenSSL 1.0.1e-3ubuntu1.1, fixed in OpenSSL 1.0.1e-3ubuntu1.2)

  • Ubuntu 12.10 (vulnerable OpenSSL 1.0.1c-3ubuntu2.6, fixed in OpenSSL 1.0.1c-3ubuntu2.7)

  • Ubuntu 12.04.4 LTS (vulnerable OpenSSL 1.0.1-4ubuntu5.11, fixed in OpenSSL 1.0.1-4ubuntu5.12)

The package version for Debian/Ubuntu can be checked using the command:

~# dpkg -l openssl
  • RedHat, CentOS, CloudLinux 6.5 (vulnerable OpenSSL 1.0.1e-16.el6_5.4, fixed in OpenSSL 1.0.1e-16.el6_5.7)

  • Fedora 18 (OpenSSL 1.0.1e-4 without update: Fedora 18 is no longer supported)

  • Fedora 19 (fixed in OpenSSL 1.0.1e-37.fc19.1)

  • Fedora 20 (fixed in OpenSSL 1.0.1e-37.fc20.1)

  • OpenSUSE 12.2 (vulnerable OpenSSL 1.0.1c, fixed in OpenSSL 1.0.1e-1.44.1)

  • OpenSUSE 13.1 (fixed in OpenSSL 1.0.1e-11.32.1)

The package version for Redhat/CentOS and OpenSUSE can be checked using the command:

~# rpm -q openssl

The following OSes are not vulnerable:

  • OpenSSL 0.97a and 0.98e (in RedHat/CentOS 5) are not vulnerable. According to RHSA-2014-0376, only Redhat 6.5 has a vulnerable version of OpenSSL.

  • Debian Squeeze it not vulnerable, as stated in Debian Security Advisory DSA-2896.

  • Other supported Ubuntu releases are not vulnerable, as per Ubuntu Security Notice USN-2165-1.

  • Fedora is changing rapidly, and the status of the issue is available in the Fedora Magazine article.

  • Fixes for OpenSUSE provided in OpenSUSE Security Announcement openSUSE-SU-2014:0492-1.

Parallels products may be affected by this vulnerability. Here is the list of articles which you may refer to:

  • /120984 - Parallels Automation products
  • /120986 - Parallels Business Automation Standard
  • /120990 - Plesk Panel family products
  • /120989 - Server Virtualization products
  •  - Parallels Plesk Automation
  •  - H-Spere and Confixx

Search Words

heartbleed information


caea8340e2d186a540518d08602aa065 56797cefb1efc9130f7c48a7d1db0f0c a914db3fdc7a53ddcfd1b2db8f5a1b9c 29d1e90fd304f01e6420fbe60f66f838 5356b422f65bdad1c3e9edca5d74a1ae aea4cd7bfd353ad7a1341a257ad4724a 0a53c5a9ca65a74d37ef5c5eaeb55d7f 198398b282069eaf2d94a6af87dcb3ff f213b9fa8759d57bee5d547445806fe7 6311ae17c1ee52b36e68aaf4ad066387 e8e50b42231236b82df27684e7ec0beb 2897d76d56d2010f4e3a28f864d69223 d02f9caf3e11b191a38179103495106f 400e18f6ede9f8be5575a475d2d6b0a6 e0aff7830fa22f92062ee4db78133079 614fd0b754f34d5efe9627f2057b8642

Email subscription for changes to this article
Save as PDF