[UPDATED] OpenSSL Vulnerability - Heartbleed Bug

[UPDATED 4/9/14]

Multiple Parallels products are potentially affected by the 'Heartbleed Bug' because they are based or installed on operating systems impacted by the OpenSSL CVE-2014-0160 vulnerabilities.

The OpenSSL group has published a solution at http://heartbleed.com/.

Additionally, please review and take action outlined in these Knowledgebase articles:


Yesterday a new vulnerability was announced in OpenSSL 1.0.1 that allows an attacker to reveal up to 64kb of memory to a connected server. Parallels is working to assess any product specific issues as a result of this OpenSSL vulnerability. We encourage everyone running a server that uses OpenSSL to upgrade to version 1.0.1g to be protected. For previous versions of OpenSSL, re-compiling with the OPENSSL_NO_HEARTBEATS flag enabled will protect against this vulnerability. We will provide any product-specific updates as they become available.

Posted on April 8, 2014 and filed under Tips & Tricks.