Hello Gentlemen. Sorry again.
Could you spend a little time and answer one little question?
Why do you install new OS updates without Plesk Panel compatibility checking?
There are quite a few reasons, which should be obvious:
1) First and foremost, Parallels has no compatibility list that I've ever seen other than the base operating system name and version, such as CentOS 5, RedHat Enterprise 4. Are you saying one exists that actually states "Plesk Panel 9.x on RedHat Enterprise 5 REQUIRES OpenSSL RPM version 0.9.8e-12.el5_4.1 and will NOT function with version 0.9.8e-12.el5_4.6"? I doubt it does, but even if there were such a list, I would doubt it would be updated quickly enough for server operators to sit around on a known security issue waiting for someone from Parallels to tell us if we can patch our servers.
2) Because in the past this has not been an issue, which is why Plesk 8.x runs just fine with the new OpenSSL patch. It's only the poorly written version 9.x that has an issue with a minor version change. In fact, the whole point of using an operating system like RedHat Enterprise is that they keep the major version the same and apply later patches to software into their stable version so that compatibility issues are minimized. Of course, if Parallels hard-codes Plesk Panel 9.x to expect and rely on a specific version, all the work of RedHat to keep things working is wasted.
3) Because some of us have servers hosting customers' businesses, i.e. in many cases we host someone's sole form of income. They rely on us to keep their business running, and we rely on RedHat to immediately release patches for issues that could jeopardize our customers' businesses, which a remotely exploitable SSL-related vulnerability could very well do. So when an update comes out for something that RedHat advises could *potentially* contain a remotely exploitable issue allowing the execution of arbitrary code, you better believe I'm going to apply the update whether Parallels says it's ok or not.
So, with that being said, can you answer me one little question: why is Plesk 9.x hard-coded to a specific version of OpenSSL when 8.x didn't seem to need that?