Correction of SSL critical error

On April 7th, 2014 a critical error has been found in the openSSL Library. The error affects OpenSSL version 1.0.1 up to version 1.0.1f including. These versions can be found on VPS installed after December 5th, 2013, (VPS with CentOS 6).

Version 1.0.1g together with branches 1.0.0 and 0.9.7 does not contain this vulnerability.  The correction packs are already at disposal - for their installation follow these steps:

1. after login via SSH
enter command

 yum update openssl

and restart the web server and other running services which is using the library - the best option is to restart Plesk and the services it manages with command

 service psa stopall
 service psa startall

2. in the Power Panel software center:

  After login to PowerPanel over the server´s IP address on port 4643 - https://IPADRESA:8443 in section Software packages

search the name of the openssl package. If you find packages with status "Update found" on the right,

check both packages and click on Update.

Wait for the update - after its completion the following message will appear

 Information:The software packages have been successfully updated.

Re-check the package; search the package name once more, the found package versions should be the following ones:

Restart the apache services (web server)

For dedicated servers with Debian/Ubuntu installations first find out if the installed version contains this vulnerability (e.g. with command dpkg -s openssl). When it does, and a correction pack has been already published, install it. (Debian DSA-2896-1 openssl -- security update, + openssl package and Ubuntu Security Notice USN-2165-1)