Re: [Dolibarr-dev] Heartbleed bug on Dolibarr.fr

From:

Doursenaud , Raphaël

Subject:

Date:

Thu, 10 Apr 2014 12:27:50 +0200

Hey, thanks for the heads up but if you go to https://dolibarr.fr or https://dolibarr.org, you'll see that the HTTPS version of the site is not available. I think there's no need to worry…

2014-04-10 12:21 GMT+02:00 Lorenzo Novaro <address@hidden>:

Hello everyone,
While testing and fixing our own infrastructure I also tested the
websites we usually visit and the services we use on a regular basis.
During said round of tests I checked also dolibarr.fr and it appears
vulnerable to threats according to CVE-2014-0160.

Check http://filippo.io/Heartbleed/#dolibarr.fr

It seems to be an ubuntu server, and so it would just be a matter of
upgrading libopenssl and openssl packages to a recent fixed version.
If the vulnerability have already been fixed, it might be worth a
reboot (not all openssl-using services are included in the restart rules
of the updated packages on Debian and derived distros).

Bye,
Lorenzo.
--
Diciannove Soc. Coop.
http://19.coop
http://diciannove.tel

GENOVA Via Luccoli, 14/8 - 16123
tel. +39 0109980020 - fax +39 0109980021

PARMA Strada Buffolara 26/A - 43126
tel. +39 05211841134 - fax +39 0109980021

_______________________________________________
Dolibarr-dev mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/dolibarr-dev

Raphaël Doursenaud

Directeur technique (CTO)

Expert certifié en déploiement Google Apps

+33 (0)5 35 53 97 13 - +33 (0)6 68 48 20 10

Technopole Hélioparc

2 avenue du Président Pierre Angot

64053 PAU CEDEX 9

SARL GPC.solutions au capital de 7 500 € - R.C.S. PAU 528 995 921