|
From: | Doursenaud , Raphaël |
Subject: | Re: [Dolibarr-dev] Heartbleed bug on Dolibarr.fr |
Date: | Thu, 10 Apr 2014 14:14:04 +0200 |
Hello,
Use or not use https is not enough to worry about this security hole. It’s all communication based on SSL which is implicated (certificate, SSH access, Github access, TLS etc…). If you use certificate issued from this server, there ‘re basically all compromised.
Cedric
De : dolibarr-dev-bounces+c.gross=address@hidden [mailto:dolibarr-dev-bounces+c.gross=address@hidden] De la part de Doursenaud, Raphaël
Envoyé : jeudi 10 avril 2014 12:28
À : Posts about Dolibarr ERP & CRM development and coding
Objet : Re: [Dolibarr-dev] Heartbleed bug on Dolibarr.fr
Hey, thanks for the heads up but if you go to https://dolibarr.fr or https://dolibarr.org, you'll see that the HTTPS version of the site is not available. I think there's no need to worry…
2014-04-10 12:21 GMT+02:00 Lorenzo Novaro <address@hidden>:
Hello everyone,
While testing and fixing our own infrastructure I also tested the
websites we usually visit and the services we use on a regular basis.
During said round of tests I checked also dolibarr.fr and it appears
vulnerable to threats according to CVE-2014-0160.
Check http://filippo.io/Heartbleed/#dolibarr.fr
It seems to be an ubuntu server, and so it would just be a matter of
upgrading libopenssl and openssl packages to a recent fixed version.
If the vulnerability have already been fixed, it might be worth a
reboot (not all openssl-using services are included in the restart rules
of the updated packages on Debian and derived distros).
Bye,
Lorenzo.
--
Diciannove Soc. Coop.
http://19.coop
http://diciannove.tel
GENOVA Via Luccoli, 14/8 - 16123
tel. +39 0109980020 - fax +39 0109980021
PARMA Strada Buffolara 26/A - 43126
tel. +39 05211841134 - fax +39 0109980021
_______________________________________________
Dolibarr-dev mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/dolibarr-dev
--
Technopole Hélioparc
2 avenue du Président Pierre Angot
64053 PAU CEDEX 9
SARL GPC.solutions au capital de 7 500 € - R.C.S. PAU 528 995 921
_______________________________________________
Dolibarr-dev mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/dolibarr-dev
[Prev in Thread] | Current Thread | [Next in Thread] |