[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Dolibarr-dev] Heartbleed bug on

From: Doursenaud , Raphaël
Subject: Re: [Dolibarr-dev] Heartbleed bug on
Date: Thu, 10 Apr 2014 14:14:04 +0200

Get your facts straight :
SSH accesses are unaffected.
You're right thou that affected HTTPS service, even if no website is configured can reveal in server memory informations.
The question is, what confidential/critical information can leak from ?
The only thing that comes to mind is forum passwords.

Anyway, an update has to be deployed, but with this being so widespread, we are a tiny, tiny target with not so interresting infos. No need to call the dogs ;)

2014-04-10 12:39 GMT+02:00 [Kreiz IT]Cédric GROSS <address@hidden>:



Use or not use https is not enough to worry about this security hole. It’s all communication based on SSL which is implicated (certificate, SSH access, Github access, TLS etc…). If you use certificate issued from this server, there ‘re basically all compromised.




De : dolibarr-dev-bounces+c.gross=address@hidden [mailto:dolibarr-dev-bounces+c.gross=address@hidden] De la part de Doursenaud, Raphaël
Envoyé : jeudi 10 avril 2014 12:28
À : Posts about Dolibarr ERP & CRM development and coding
Objet : Re: [Dolibarr-dev] Heartbleed bug on


Hey, thanks for the heads up but if you go to or, you'll see that the HTTPS version of the site is not available. I think there's no need to worry…


2014-04-10 12:21 GMT+02:00 Lorenzo Novaro <address@hidden>:

Hello everyone,
While testing and fixing our own infrastructure I also tested the
websites we usually visit and the services we use on a regular basis.
During said round of tests I checked also and it appears
vulnerable to threats according to CVE-2014-0160.


It seems to be an ubuntu server, and so it would just be a matter of
upgrading libopenssl and openssl packages to a recent fixed version.
If the vulnerability have already been fixed, it might be worth a
reboot (not all openssl-using services are included in the restart rules
of the updated packages on Debian and derived distros).

Diciannove Soc. Coop.

GENOVA  Via Luccoli, 14/8 - 16123
tel. +39 0109980020 - fax +39 0109980021

PARMA   Strada Buffolara 26/A - 43126
tel. +39 05211841134 - fax +39 0109980021

Dolibarr-dev mailing list




Image supprimée par l'expéditeur.

Technopole Hélioparc

2 avenue du Président Pierre Angot

64053 PAU CEDEX 9

SARL au capital de 7 500 € - R.C.S. PAU 528 995 921

Image supprimée par l'expéditeur.Image supprimée par l'expéditeur.

Dolibarr-dev mailing list

Raphaël Doursenaud
Directeur technique (CTO)
Expert certifié en déploiement Google Apps
+33 (0)5 35 53 97 13 - +33 (0)6 68 48 20 10
Technopole Hélioparc
2 avenue du Président Pierre Angot
64053 PAU CEDEX 9
SARL au capital de 7 500 € - R.C.S. PAU 528 995 921

reply via email to

[Prev in Thread] Current Thread [Next in Thread]