Heartbleed
Georg C. F. Greve
greve at kolabsys.com
Sun Apr 13 15:44:38 CEST 2014
On Sunday 13 April 2014 15.03:02 Thinker Rix wrote:
> Are there any realizations yet about if and to which extent Kolab and
> Kontact are affected by Heartbleed and which countermeasures are to be
> undertaken?
The answer to that question depends on your platform and SSL config, I presume.
For people who are consuming our supported packages we've issued updates and
errata with update advisory immediately when the vulnerability became known.
Also see https://mykolab.com/news/2014/information-heartbleed-bug-new-ssl-certificate
Everyone else should follow the respective upgrade recommendation and
practices of their platforms that they run Kolab on, as far as I know all the
supported distributions reacted quickly.
Same for the more active community distributions.
But whatever your path is, it will be determined mostly by your platform.
If you are for instance using CentOS and were a little slow on the updates,
this one may have passed you by, even. But if you were regularly updating, you
definitely want to update from the CentOS repositories.
So whatever your upgrade path, test your systems, make sure you have the
latest version, and then rotate SSL certificates, and at least changing the
admin passwords is good practice, since it is hard to know whether this has
been used against you.
Also it may be a good time to use Qualys or some other service to test the
strength of your own SSL setup since some setups we've seen out there are so
broken that Heartbleed barely makes a difference.
All the best,
Georg
--
Georg C. F. Greve
Chief Executive Officer
Kolab Systems AG Make it your Kolab @ http://mykolab.com
Zürich, Switzerland Swiss Secure Collaboration as a Service
e: greve at kolabsys.com
t: +41 78 904 43 33
w: http://kolabsys.com
pgp: 86574ACA Georg C. F. Greve