--===============0025046408692301713== Content-Type: multipart/signed; boundary="nextPart3984542.SCQNgKMJZu"; micalg="pgp-sha1"; protocol="application/pgp-signature" --nextPart3984542.SCQNgKMJZu Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="iso-8859-1" On Sunday 13 April 2014 15.03:02 Thinker Rix wrote: > Are there any realizations yet about if and to which extend Kolab and= =20 > Kontact are affected by heartbleed and which counter measures are to = be=20 > undertaken? The answer to that question depends on your platform and SSL config, I = presume. For people who are consuming our supported packages we've issued update= s and=20 errata with update advisory immediately when the vulnerability became k= nown.=20 Also see https://mykolab.com/news/2014/information-heartbleed-bug-new-s= sl-certificate Everyone else should follow the respective upgrade recommendation and=20= practices of their platforms that they run Kolab on, as far as I know a= ll the=20 supported distributions reacted quickly. Same for the more active community distributions.=20 But whatever is your path will be determined mostly by your platform.=20= If you are for instance using CentOS and were a little slow on the upda= tes,=20 this one may have passed you by, even. But if you were regularly updati= ng, you=20 definitely want to update from the CentOS repositories. So whatever your upgrade path, test your systems, make sure you have th= e=20 latest version, and then rotate SSL certificates and at least changing = the=20 admin passwords is good practice since it is hard to know whether this = has=20 been used against you.=20 Also it may be a good time to use Qualys or some other service to test = the=20 strength of your own SSL setup since some setups we've seen out there a= re so=20 broken that Heatbleed barely makes a difference. All the best, Georg =2D-=20 Georg C. F. Greve Chief Executive Officer Kolab Systems AG=09=09=09=09Make it your Kolab @ http://mykolab.com Z=FCrich, Switzerland=09=09=09=09Swiss Secure Collaboration as a Servic= e e: greve@kolabsys.com t: +41 78 904 43 33 w: http://kolabsys.com pgp: 86574ACA Georg C. F. Greve --nextPart3984542.SCQNgKMJZu Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part. Content-Transfer-Encoding: 7Bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQCVAwUAU0qUxik9sUy32wQcAQKItAP+LTuIirr4j/ZsCTGnlwNIVMdbF+KJtGON h/k680pyUNZZErHTaefnU1QSKTvNltp/ancFw/XRF/y6KNG5Nt9gpISKqnrZ8xbM lti2QBvvY7lYujDRrQ6KLF4NTI3vnwbIUSkkeAEkc+GStxqszTWV8y3eoQZi6Lww 0ijZQbqXwR0= =pwkD -----END PGP SIGNATURE----- --nextPart3984542.SCQNgKMJZu-- --===============0025046408692301713== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ users mailing list users@lists.kolab.org https://lists.kolab.org/mailman/listinfo/users --===============0025046408692301713==--