Heartbleed vulnerability

As you should know, a critical vulnerability called Heartbleed was recently found in the OpenSSL library.

This bug affects recent versions of OpenSSL and can leak private information (passwords, private keys, …). It was announced on April 7th, and most Linux distributions released a patched version of OpenSSL a few hours later.

At Enalean, we patched the servers we manage on the morning of April 8th (Paris time, so a few hours after the announcement). Most of the forges we manage were not impacted, as many of them are hosted on CentOS 5, which packages an old version of OpenSSL that is not vulnerable.

However, most recent Tuleap installations on CentOS 6.x, Debian 7 or Ubuntu 12.04 are impacted by Heartbleed. If you host such a forge, you should update OpenSSL to the most recent version and verify that you are no longer vulnerable (with tools like https://filippo.io/Heartbleed/ ). Then regenerate your SSL private keys if necessary and ask your users to change their passwords.
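Updating the package does not replace the library inside daemons that were started before the upgrade: they keep the old copy mapped until they are restarted. The script below is an added example, not part of the original post. It lists processes that still map a deleted libssl or libcrypto, assuming a Linux /proc filesystem; the function names and the --scan option are hypothetical.

```shell
#!/bin/sh
# Added example: find processes still running the pre-upgrade OpenSSL.
# When a package upgrade replaces a shared library, the old file is unlinked
# and Linux marks mappings of it "(deleted)" in /proc/<pid>/maps, e.g.
# (constructed sample line):
#   7f1c2a000000-7f1c2a060000 r-xp 00000000 fd:00 131 /usr/lib64/libssl.so.1.0.1e (deleted)

# maps_has_stale_openssl FILE
# Returns 0 if FILE (in /proc/<pid>/maps format) contains a mapping of a
# deleted libssl or libcrypto shared object, 1 otherwise.
maps_has_stale_openssl() {
    grep -Eq '/lib(ssl|crypto)[^/]*\.so[^/]* \(deleted\)$' "$1" 2>/dev/null
}

# stale_openssl_pids [PROC_ROOT]
# Prints "pid command" for every process under PROC_ROOT (default /proc)
# that still maps a deleted OpenSSL library. Run as root to see all processes;
# maps files that cannot be read are skipped.
stale_openssl_pids() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if maps_has_stale_openssl "$maps"; then
            dir=${maps%/maps}
            pid=${dir##*/}
            # comm may be missing on older kernels; fall back to "?"
            name=$(cat "$dir/comm" 2>/dev/null || echo '?')
            printf '%s %s\n' "$pid" "$name"
        fi
    done
}

# Scan the live system only when asked to: sh script.sh --scan
if [ "${1:-}" = "--scan" ]; then
    stale_openssl_pids
fi
```

Any process it lists (typically the web server, SSH and mail daemons) has to be restarted before re-running the external check.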

Let us know if you encounter any problems; we may be able to help you.

About the Author

How great is the challenge of creating economic value for a company with libre software. I enjoy this! It encourages me to think about business and communication in a disruptive way. I believe in the core values of FLOSS and the agile spirit: open-minded listening, transparency and co-creation. I'm Marketing Manager at Enalean.
