
Re: Recent Heartbleed OpenSSL bug may affect HTTPS Subversion servers

From: Ben Reser <ben_at_reser.org>
Date: Fri, 11 Apr 2014 07:14:39 -0600

On 4/10/14, 9:53 PM, Nico Kadel-Garcia wrote:
> I was just realizing that no one has mentioned it here: For anyone
> running HTTPS based Subversion servers, they should really take a good
> look at whether their web server is vulnerable to the "HeartBleed"
> security problem in OpenSSL. There are various good write-ups about
> it, but even an internal website vulnerable to these hacks could
> apparently have usernames and passwords stolen by a zombied or
> rootkitted host inside your network. So strongly consider updating
> *all* your websites to avoid the bug, and other bugs, and strongly
> consider your password management and expiration procedures for
> vulnerabilities that may have been exploited any time in the last two
> years.
>
> http://www.theatlantic.com/technology/archive/2014/04/how-to-check-if-a-site-is-safe-from-heartbleed/360417/

For what it's worth we're preparing specific advice for admins (so much as we
can), but it is taking some time to complete largely because we lack much in
the way of handling revoked certificates. I hope to have something up later
today on the users@, dev@ and announce@ lists.
Received on 2014-04-11 15:15:13 CEST

This is an archived mail posted to the Subversion Users mailing list.
