Koozali.org: home of the SME Server

Obsolete Releases => SME Server 8.x => Topic started by: wellsi on April 12, 2014, 12:20:25 AM

Title: SME Server 8.x is not affected by CVE-2014-0160 (Heartbleed)
Post by: wellsi on April 12, 2014, 12:20:25 AM

Upstream have confirmed that RHEL 5, which is used in Cos 5 and therefore SME Server 8 are not affected.

http://www.openssl.org/news/secadv_20140407.txt
https://access.redhat.com/security/cve/CVE-2014-0160

From RedHat:
This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6.4 and earlier, Red Hat JBoss Enterprise Application Platform 5 and 6, and Red Hat JBoss Web Server 1 and 2. This issue does affect Red Hat Enterprise Linux 6.5, Red Hat Enterprise Virtualization Hypervisor 6.5, and Red Hat Storage 2.1, which provided openssl 1.0.1e. Errata have been released to correct this issue.

https://access.redhat.com/site/announcements/781953

Title: Re: SME Server 8.x is not affected by CVE-2014-0160 (Heartbleed)
Post by: holck on April 12, 2014, 04:51:04 PM

Thanks for the comforting info. Just to be sure: does this imply that with an SME 8 server, there is no cause for concern? nothing I should do?

Title: Re: SME Server 8.x is not affected by CVE-2014-0160 (Heartbleed)
Post by: stephdl on April 12, 2014, 05:06:50 PM

Quote from: holck on April 12, 2014, 04:51:04 PM

nothing I should do?

yes give a help to test the sme9b4 released today : ok i go out :)