Hello,
Using or not using https is not enough to worry about this security hole. It's all communication based on SSL that is implicated (certificates, SSH access, GitHub access, TLS, etc.). If you use certificates issued from this server, they're basically all compromised.

Cedric

From: dolibarr-dev-bounces+c.gross=kreiz-it...@nongnu.org [mailto:dolibarr-dev-bounces+c.gross=kreiz-it...@nongnu.org] On behalf of Doursenaud, Raphaël
Sent: Thursday, 10 April 2014 12:28
To: Posts about Dolibarr ERP & CRM development and coding
Subject: Re: [Dolibarr-dev] Heartbleed bug on Dolibarr.fr

Hey, thanks for the heads up but if you go to https://dolibarr.fr or https://dolibarr.org, you'll see that the HTTPS version of the site is not available.
I think there's no need to worry…

2014-04-10 12:21 GMT+02:00 Lorenzo Novaro <noval...@19.coop>:

Hello everyone,

While testing and fixing our own infrastructure I also tested the websites we usually visit and the services we use on a regular basis.

During said round of tests I also checked dolibarr.fr and it appears vulnerable to threats according to CVE-2014-0160.

Check http://filippo.io/Heartbleed/#dolibarr.fr

It seems to be an Ubuntu server, and so it would just be a matter of upgrading the libopenssl and openssl packages to a recent fixed version.

If the vulnerability has already been fixed, it might be worth a reboot (not all openssl-using services are included in the restart rules of the updated packages on Debian and derived distros).

Bye,
Lorenzo.

--
Diciannove Soc. Coop.
http://19.coop
http://diciannove.tel
GENOVA Via Luccoli, 14/8 - 16123
tel. +39 0109980020 - fax +39 0109980021
PARMA Strada Buffolara 26/A - 43126
tel. +39 05211841134 - fax +39 0109980021

_______________________________________________
Dolibarr-dev mailing list
Dolibarr-dev@nongnu.org
https://lists.nongnu.org/mailman/listinfo/dolibarr-dev

--
Raphaël Doursenaud
Technical Director (CTO)
Certified Google Apps Deployment Specialist <https://gpcsolutions.fr/raphael-doursenaud-google-apps-certified-deployment-specialist>
+33 (0)5 35 53 97 13 - +33 (0)6 68 48 20 10
<http://gpcsolutions.fr>
http://gpcsolutions.fr
Technopole Hélioparc
2 avenue du Président Pierre Angot
64053 PAU CEDEX 9
SARL GPC.solutions, share capital 7 500 € - R.C.S. PAU 528 995 921
<https://www.google.com/a/partnersearch/#partner?partner_id=46687933_a0n60000000sqpWAAQ>
<http://wiki.dolibarr.org/index.php/Dolibarr_suppliers_France#GPC.solutions>
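The remark in the thread that not every OpenSSL-using service is restarted by the package upgrade can be checked on the host itself. The following is an added example, not part of the original thread: it reads `/proc/<pid>/maps` on Linux and reports processes that still map a libssl/libcrypto file that has been replaced on disk. The function names and the sample maps text are constructed for illustration.

```python
import os
import re

# Pathname column of a /proc/<pid>/maps line for an OpenSSL shared object whose
# on-disk file was replaced: the kernel appends " (deleted)" to the path.
STALE = re.compile(r"(\S*/lib(?:ssl|crypto)\.so\S*) \(deleted\)$")

def stale_openssl_mappings(maps_text):
    """Return the sorted, de-duplicated OpenSSL libraries mapped but deleted."""
    found = set()
    for line in maps_text.splitlines():
        m = STALE.search(line.rstrip())
        if m:
            found.add(m.group(1))
    return sorted(found)

def scan_proc(proc_root="/proc"):
    """Map pid -> (process name, stale libraries) for every readable process."""
    results = {}
    if not os.path.isdir(proc_root):
        return results  # not a Linux procfs host
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "maps")) as fh:
                stale = stale_openssl_mappings(fh.read())
            with open(os.path.join(proc_root, entry, "comm")) as fh:
                name = fh.read().strip()
        except OSError:
            continue  # process exited or access denied (run as root to see all)
        if stale:
            results[int(entry)] = (name, stale)
    return results

# Constructed sample of a maps file for a daemon started before the upgrade.
SAMPLE_MAPS = """\
7f1c2a400000-7f1c2a456000 r-xp 00000000 08:01 1315 /lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
7f1c2a656000-7f1c2a65d000 rw-p 00056000 08:01 1315 /lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
7f1c2a000000-7f1c2a1b0000 r-xp 00000000 08:01 1309 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (deleted)
7f1c29c00000-7f1c29dbb000 r-xp 00000000 08:01 1202 /lib/x86_64-linux-gnu/libc-2.19.so
7f1c29a00000-7f1c29a10000 rw-s 00000000 08:01 9921 /tmp/cache.db (deleted)
"""

if __name__ == "__main__":
    for pid, (name, libs) in sorted(scan_proc().items()):
        print(f"{pid}\t{name}\trestart needed, still maps: {', '.join(libs)}")
```

Programs that link OpenSSL statically do not appear in this output, so an empty result covers only dynamically linked processes.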