Heartbleed

Georg C. F. Greve greve at kolabsys.com
Sun Apr 13 15:44:38 CEST 2014


On Sunday 13 April 2014 15.03:02 Thinker Rix wrote:
> Are there any realizations yet about if and to which extent Kolab and 
> Kontact are affected by Heartbleed and which countermeasures are to be 
> undertaken?

The answer to that question depends on your platform and SSL config, I presume.

For people who are consuming our supported packages we've issued updates and 
errata with update advisory immediately when the vulnerability became known. 
Also see https://mykolab.com/news/2014/information-heartbleed-bug-new-ssl-certificate

Everyone else should follow the respective upgrade recommendation and 
practices of their platforms that they run Kolab on, as far as I know all the 
supported distributions reacted quickly.

Same for the more active community distributions. 

But whatever your path is, it will be determined mostly by your platform. 

If you are for instance using CentOS and were a little slow on the updates, 
this one may have passed you by, even. But if you were regularly updating, you 
definitely want to update from the CentOS repositories.

So whatever your upgrade path, test your systems, make sure you have the 
latest version, and then rotating SSL certificates and at least changing the 
admin passwords is good practice, since it is hard to know whether this has 
been used against you. 

Also it may be a good time to use Qualys or some other service to test the 
strength of your own SSL setup since some setups we've seen out there are so 
broken that Heartbleed barely makes a difference.

All the best,
Georg


-- 
Georg C. F. Greve
Chief Executive Officer

Kolab Systems AG				Make it your Kolab @ http://mykolab.com
Zürich, Switzerland				Swiss Secure Collaboration as a Service

e: greve at kolabsys.com
t: +41 78 904 43 33
w: http://kolabsys.com

pgp: 86574ACA Georg C. F. Greve