LiteSpeed Security Patch to Fix Heartbleed Bug in OpenSSL

heartbleed logo

 

LiteSpeed Web Server 4.2.9 was released this morning as a security patch to address the OpenSSL Heartbleed bug.

As noted on Heartbleed.com (the site Codenomicon has set up to explain the Heartbleed bug):

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

This vulnerability should affect versions 4.2.5-8 and 5.0 RC1. If you use one of these versions, we highly recommend you upgrade to LSWS 4.2.9 as soon as possible.

The easiest way to upgrade is by using the lsup command: /usr/local/lsws/admin/misc/lsup.sh -f -v 4.2.9

Some users have experienced an issue with the lsup command that causes it to try to download from the wrong address. This can be fixed by removing your /usr/local/lsws/autoupdate/release file. Please let us know through our forum if you run into any other issues.

15 Responses to “LiteSpeed Security Patch to Fix Heartbleed Bug in OpenSSL”

  1. masabs says:

    I’m using litespeed cpanel plugin. Can I use above command for updating this? latest version that available in WHM is 4,2,8.

    • masabs says:

      Yes, it’s working for me….

    • Michael says:

      Just to confirm: Yes, the lsup command works no matter what control panel you may be using.

      4.2.9 won’t come up as an option for upgrading until your server has communicated with our licensing server to find out if there are new versions. This process happens automatically once per day.

      Cheers,

      Michael

    • itaylorjay says:

      I found that by first upgrading to 4.2.8 – the option of 4.2.9 came available.

      I was able to do it all through the cPanel Plugin interface

  2. SAJID says:

    I hope it doesnt effect litespeed servers… I am really worried about this stupid heartbleed bug

    • Michael says:

      Hi Sajid,

      As noted in the blog post above, the Heartbleed bug affects LSWS versions 4.2.5 – 4.2.8. If you have one of those versions, you should upgrade to 4.2.9 immediately.

      Cheers,

      Michael

  3. ie says:

    If I don’t use any SSL in all my website, is it a concern?

    • Michael says:

      Nope. If you actually use no SSL, then there’s no way for the bug to affect you. I would be very careful, though, before jumping to the conclusion that you use no SSL.

      Michael

      • ie says:

        I have cPanel which use SSL but I already update OpenSSL on OS level

        Why you say need to be “very careful before jumping to the conclusion that you use no SSL.”. I use LiteSpeed & none my hosted website use “https://”, all only use http://

  4. TechNil says:

    Are you people also effected by heart bleed? :(

  5. […] on the heels of Heartbleed, Japanese researcher Masashi Kikuchi has recently discovered and reported the CCS […]

  6. […] on the heels of Heartbleed, Japanese researcher Masashi Kikuchi has recently discovered and reported the CCS […]

Leave a Reply