
OpenSSL Security Leak for PSA Environment

g4marc

Basic Pleskian
Because of the Heart-Bleeding issue I just updated my OpenSSL versions on our servers, but I recognize that Plesk works in its own environment, so do we have to wait for an update for Plesk?
The customer domains are fixed after this update, but not the login over the std.-Plesk link!
I tested it with the Plesk login and port 8443 at this site: http://filippo.io/Heartbleed/ and get this vulnerable issue.

So is there a micro-update or something to fix this issue?

THX
Marc
 
So this depends on your OS first. EL5 (RHEL/CentOS/Cloudlinux) is not affected by this vulnerability unless you had upgraded to the Plesk-distributed httpd & openssl to support SNI. If you had done this, then yes, you will need to get an updated openssl for that system from Parallels, and change your certificates in both httpd and the Plesk daemon.

If you are using EL6 (RHEL/CentOS/Cloudlinux), the Plesk daemon (sw-cp-serverd) is linked against the OS's openssl library. Updating to the latest version from the OS updates channel (openssl-1.0.1e-16.el6_5.7) would resolve the vulnerability, and you would need to update your certificates.

Also note that other services that implement TLS are affected by this; that includes courier-imap, dovecot (Plesk 12), qmail, and postfix. Certificates for all these services would need to be updated as well. OpenSSH is *not* affected.
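An added example, not part of the thread and not Plesk tooling: on EL6, a daemon linked against the OS library keeps the old libssl mapped until it is restarted, so a patched package can coexist with a still-vulnerable listener on port 8443. The sketch below compares the installed build with the fixed build named in the reply and lists processes that still map a replaced libssl/libcrypto. The function names, the `--scan` switch and the sample lines are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. EL6 only; run as root to see all processes.

FIXED_EL6="1.0.1e-16.el6_5.7"   # fixed EL6 build quoted in the reply above

# pkg_status VERSION-RELEASE: prints "patched" or "needs-update".
# sort -V is used as an approximation of rpm's version ordering (assumption);
# the result is only meaningful for EL6 1.0.1e builds.
pkg_status() {
    local lowest
    lowest=$(printf '%s\n%s\n' "$1" "$FIXED_EL6" | sort -V | head -n1)
    if [ "$lowest" = "$FIXED_EL6" ]; then echo patched; else echo needs-update; fi
}

# uses_stale_ssl: reads /proc/<pid>/maps text on stdin and succeeds if the
# process still maps a libssl/libcrypto file that has been replaced on disk.
uses_stale_ssl() {
    grep -Eq '/lib(ssl|crypto)[^ ]*\.so[^ ]* \(deleted\)$'
}

# scan_running: prints "pid<TAB>executable" for each process needing a restart.
scan_running() {
    local maps pid
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}; pid=${pid%/maps}
        # Processes may exit or be unreadable mid-scan; ignore those errors.
        if { uses_stale_ssl < "$maps"; } 2>/dev/null; then
            printf '%s\t%s\n' "$pid" "$(readlink "/proc/$pid/exe" 2>/dev/null)"
        fi
    done
}

# Constructed sample maps lines (not captured from a real host).
SAMPLE_STALE='7f1c2a400000-7f1c2a45f000 r-xp 00000000 fd:00 131 /usr/lib64/libssl.so.1.0.1e (deleted)'
SAMPLE_FRESH='7f1c2a400000-7f1c2a45f000 r-xp 00000000 fd:00 977 /usr/lib64/libssl.so.1.0.1e'

if [ "${1:-}" = "--scan" ]; then
    ver=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' openssl | head -n1)
    echo "openssl $ver: $(pkg_status "$ver")"
    scan_running
fi
```

Any service listed by the scan (sw-cp-serverd, the mail daemons named above) should be restarted before its certificate is replaced.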
 