LiteSpeed Security Patch to Fix Heartbleed Bug in OpenSSL
LiteSpeed Web Server 4.2.9 was released this morning as a security patch to address the OpenSSL Heartbleed bug.
As noted on Heartbleed.com (the site Codenomicon has set up to explain the Heartbleed bug):
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
This vulnerability should affect versions 4.2.5-8 and 5.0 RC1. If you use one of these versions, we highly recommend you upgrade to LSWS 4.2.9 as soon as possible.
The easiest way to upgrade is by using the lsup command:
/usr/local/lsws/admin/misc/lsup.sh -f -v 4.2.9
Some users have experienced an issue with the lsup command that causes it to try to download from the wrong address. This can be fixed by removing your
/usr/local/lsws/autoupdate/release file. Please let us know through our forum if you run into any other issues.