Get your facts straight: heartbleed.com

SSH access is unaffected. You're right though that an affected HTTPS service, even if no website is configured, can reveal information held in server memory. The question is: what confidential/critical information can leak from dolibarr.fr/dolibarr.org? The only thing that comes to mind is forum passwords.
Anyway, an update has to be deployed, but with this being so widespread, we are a tiny, tiny target with not so interesting info. No need to call the dogs ;)

2014-04-10 12:39 GMT+02:00 [Kreiz IT]Cédric GROSS <c.gr...@kreiz-it.fr>:

> Hello,
>
> Using or not using HTTPS is not enough to worry about this security hole. It's
> all communication based on SSL which is implicated (certificate, SSH
> access, GitHub access, TLS etc…). If you use certificates issued from this
> server, they're basically all compromised.
>
> Cedric
>
> *From:* dolibarr-dev-bounces+c.gross=kreiz-it...@nongnu.org [mailto:dolibarr-dev-bounces+c.gross=kreiz-it...@nongnu.org] *On behalf of* Doursenaud, Raphaël
> *Sent:* Thursday, 10 April 2014 12:28
> *To:* Posts about Dolibarr ERP & CRM development and coding
> *Subject:* Re: [Dolibarr-dev] Heartbleed bug on Dolibarr.fr
>
> Hey, thanks for the heads up but if you go to https://dolibarr.fr or
> https://dolibarr.org, you'll see that the HTTPS version of the site is
> not available. I think there's no need to worry…
>
> 2014-04-10 12:21 GMT+02:00 Lorenzo Novaro <noval...@19.coop>:
>
> Hello everyone,
> While testing and fixing our own infrastructure I also tested the
> websites we usually visit and the services we use on a regular basis.
> During said round of tests I checked also dolibarr.fr and it appears
> vulnerable to threats according to CVE-2014-0160.
>
> Check http://filippo.io/Heartbleed/#dolibarr.fr
>
> It seems to be an Ubuntu server, and so it would just be a matter of
> upgrading libopenssl and openssl packages to a recent fixed version.
> If the vulnerability has already been fixed, it might be worth a
> reboot (not all openssl-using services are included in the restart rules
> of the updated packages on Debian and derived distros).
>
> Bye,
> Lorenzo.
> --
> Diciannove Soc. Coop.
> http://19.coop
> http://diciannove.tel
>
> GENOVA Via Luccoli, 14/8 - 16123
> tel. +39 0109980020 - fax +39 0109980021
>
> PARMA Strada Buffolara 26/A - 43126
> tel. +39 05211841134 - fax +39 0109980021
>
> _______________________________________________
> Dolibarr-dev mailing list
> Dolibarr-dev@nongnu.org
> https://lists.nongnu.org/mailman/listinfo/dolibarr-dev
>
> --
> *Raphaël Doursenaud*
> Technical Director (CTO)
> Google Apps Certified Deployment Specialist <https://gpcsolutions.fr/raphael-doursenaud-google-apps-certified-deployment-specialist>
> +33 (0)5 35 53 97 13 - +33 (0)6 68 48 20 10
>
> http://gpcsolutions.fr
> Technopole Hélioparc
> 2 avenue du Président Pierre Angot
> 64053 PAU CEDEX 9
> SARL GPC.solutions with capital of 7 500 € - R.C.S. PAU 528 995 921

--
*Raphaël Doursenaud*
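The point raised in the thread about services that are not restarted by the package upgrade can be checked directly on the server. This is an added example, not part of the original messages; the function name and the `--scan` argument are assumptions of the example, and it relies on Linux marking a replaced, still-mapped library as `(deleted)` in `/proc/<pid>/maps`.

```shell
#!/bin/sh
# List processes that still map a deleted copy of libssl/libcrypto, i.e.
# processes started before the OpenSSL package upgrade and not yet restarted.
# The optional argument (default /proc) is an assumption of this example so
# that the function can be pointed at a constructed directory tree.

stale_openssl_procs() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        # Skip unreadable entries (other users' processes, exited PIDs).
        [ -r "$maps" ] || continue
        pid_dir="${maps%/maps}"
        pid="${pid_dir##*/}"
        # When a package upgrade replaces the library file, the old inode is
        # unlinked and the kernel appends "(deleted)" to the mapping's path.
        if grep -Eq '/lib(ssl|crypto)[^/]*\.so[^ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            name="$(cat "$pid_dir/comm" 2>/dev/null || echo '?')"
            printf '%s %s\n' "$pid" "$name"
        fi
    done
}

# Scan the live system only when asked to: sh thisfile.sh --scan (as root,
# otherwise only your own processes are readable).
if [ "${1:-}" = "--scan" ]; then
    stale_openssl_procs /proc
fi
```

Every PID it prints needs a service restart (or the host a reboot) before the fixed library is actually in use. Binaries that link OpenSSL statically or ship their own copy are not detected by this check.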