[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: HeartBleed, Zimbra 8.0.6 (and other versions likely) vulnerable.

To: zimbra-hied-admins <zimbra-hied-admins@sfu.ca>
Subject: Re: HeartBleed, Zimbra 8.0.6 (and other versions likely) vulnerable.
From: Nathan <lagern@lafayette.edu>
Date: Tue, 08 Apr 2014 11:24:21 -0400
In-reply-to: <534412DA.9020902@lafayette.edu>
List-help: <mailto:zimbra-hied-admins-request@sfu.ca?subject=help> (List Instructions)
List-id: <zimbra-hied-admins.sfu.ca>
List-owner: <mailto:owner-zimbra-hied-admins@sfu.ca>
List-unsubscribe: <mailto:zimbra-hied-admins-request@sfu.ca?subject=unsubscribe>
References: <53440FA8.8070206@lafayette.edu> <534412DA.9020902@lafayette.edu>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In my dev environment, this fixes postfix as well.


On 04/08/2014 11:16 AM, Nathan wrote:
> Update.
> 
> on RHEL6 previous to 6.5, you need to apply the RedHat 
> openssl-1.0.1e-16.el6_5.7.x86_64 update from today.
> 
> Then do the work-around mentioned previously.
> 
> This also appears to affect postfix, its worth patching there too,
> but i have not yet tested.
> 
> 
> 
> On 04/08/2014 11:03 AM, Nathan wrote:
>> This is a very big deal.
> 
>> http://heartbleed.com 
>> https://bugzilla.zimbra.com/show_bug.cgi?id=88688
> 
> 
>> The work-around in comment 19 works on rhel6.5.  I'm still
>> working on a 6.4 fix, as thats what my zimbra servers are
>> running.
> 
>> This, as far as I know, only applies to the proxy servers.  I am
>>  testing against a stand-alone box now.
> 
>> Test your systems with:
>> https://gist.github.com/takeshixx/10107280
> 
> 
> 
> 
> 

- -- 
- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Nathan Lager, RHCSA, RHCE, RHCVA (#110-011-426)
System Administrator
11 Pardee Hall
Lafayette College, Easton, PA 18042
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlNEFKUACgkQsZqG4IN3sukNSQCfdqg6/RwDA1v9mu6oUHK23BOo
w7IAn2TFJGuo1bIjJiBTmuFMTPvNn1z0
=IHgD
-----END PGP SIGNATURE-----

Follow-Ups:
- Re: HeartBleed, Zimbra 8.0.6 (and other versions likely) vulnerable.
  - From: "Thom O'Connor" <thom@zimbra.com>

References:
- HeartBleed, Zimbra 8.0.6 (and other versions likely) vulnerable.
  - From: Nathan <lagern@lafayette.edu>
- Re: HeartBleed, Zimbra 8.0.6 (and other versions likely) vulnerable.
  - From: Nathan <lagern@lafayette.edu>

Prev by Date: Re: HeartBleed, Zimbra 8.0.6 (and other versions likely) vulnerable.
Next by Date: Re: HeartBleed, Zimbra 8.0.6 (and other versions likely) vulnerable.
Previous by thread: Re: HeartBleed, Zimbra 8.0.6 (and other versions likely) vulnerable.
Next by thread: Re: HeartBleed, Zimbra 8.0.6 (and other versions likely) vulnerable.
Index(es):
- Date
- Thread