You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@openoffice.apache.org by Maurice Howe <ma...@stny.rr.com> on 2014/04/26 14:08:37 UTC
HeartBleed bug
According to MalwareBytes, Apache is very vulnerable to the HeartBleed bug.
Any truth in that? Here's what they say:
Cheers,
Maurice Howe
"It is a bug in OPEN SSL. It affects version 1.0.1 through 1.0.1f
(inclusive), and it affects servers that run Apache and NGINX mostly. Open
SSL is used in a lot of things and the complete list of what is affected has
yet to be tabulated, so there's probably other stuff too. Apache and NGINX
are the most important ones to start with."
Re: HeartBleed bug
Posted by d a n i e l h u c h e r o t <da...@hucherot.com>.
Hello Maurice,
I think we must read Apache HTTP server and NGINX (the same), and if
they use httpS.
Enjoy FinDeSemaine.
daniel
Le 26/04/2014 14:08, Maurice Howe a écrit :
> According to MalwareBytes, Apache is very vulnerable to the HeartBleed bug.
> Any truth in that? Here's what they say:
>
> Cheers,
> Maurice Howe
>
> "It is a bug in OPEN SSL. It affects version 1.0.1 through 1.0.1f
> (inclusive), and it affects servers that run Apache and NGINX mostly. Open
> SSL is used in a lot of things and the complete list of what is affected has
> yet to be tabulated, so there's probably other stuff too. Apache and NGINX
> are the most important ones to start with."
>
>
>
Re: HeartBleed bug
Posted by Andrea Pescetti <pe...@apache.org>.
On 27/04/2014 Rob Weir wrote:
> They are talking about the Apache HTTP server. It is clear in
> context, "it affects servers that run Apache and NGINX mostly".
Just to remove any remaining doubts: the Apache OpenOffice websites do
use the Apache HTTP server, but (since they were not using vulnerable
versions of OpenSSL) they are not affected by Heartbleed. The passwords
that users created to access the wiki or forum are safe. See
http://www.mail-archive.com/dev@openoffice.apache.org/msg17739.html
Also, passwords used directly within OpenOffice (like password-protected
documents) are not affected by Heartbleed.
Regards,
Andrea.
-------------------------------------------
List Conduct Guidelines: http://openoffice.apache.org/list-conduct.html
To unsubscribe, e-mail: users-unsubscribe@openoffice.apache.org
For additional commands, e-mail: users-help@openoffice.apache.org
Re: HeartBleed bug
Posted by Rob Weir <ro...@apache.org>.
On Sat, Apr 26, 2014 at 8:08 AM, Maurice Howe <ma...@stny.rr.com> wrote:
> According to MalwareBytes, Apache is very vulnerable to the HeartBleed bug.
> Any truth in that? Here's what they say:
>
> Cheers,
> Maurice Howe
>
> "It is a bug in OPEN SSL. It affects version 1.0.1 through 1.0.1f
> (inclusive), and it affects servers that run Apache and NGINX mostly. Open
> SSL is used in a lot of things and the complete list of what is affected has
> yet to be tabulated, so there's probably other stuff too. Apache and NGINX
> are the most important ones to start with."
>
They are talking about the Apache HTTP server. It is clear in
context, "it affects servers that run Apache and NGINX mostly".
The thing to note is that "Apache" in general is the Apache Software
Foundation, a public charity that is the umbrella organization for
over 170 open source projects. Every one of them has a name that
starts with "Apache", e.g., "Apache OpenOffice", "Apache Hadoop",
"Apache Subversion", etc. For short names, in informal use, we often
just call them "OpenOffice", "Hadoop", "Subversion", etc. The one
exception is "Apache HTTP Server", where the short name is typically
just "Apache". Why? Because it was the very first Apache project,
the project that lent its name to the Foundation when it was created.
Regards,
-Rob
>
-------------------------------------------
List Conduct Guidelines: http://openoffice.apache.org/list-conduct.html
To unsubscribe, e-mail: users-unsubscribe@openoffice.apache.org
For additional commands, e-mail: users-help@openoffice.apache.org