Re: [bitfolk] SSL POODLE (CVE-2014-3566) vulnerabilities amo…

Author: Mat Johns
Date:  
To: BitFolk Users
Subject: Re: [bitfolk] SSL POODLE (CVE-2014-3566) vulnerabilities amongst the customer base
Surprisingly I didn't show up; either way I was affected and likewise good
nudge to do something about it... two of my servers (BitFolk VPS being one
of them) are still currently stuck on Debian Squeeze (long story, but
upgrading to Wheezy would most likely break some old binary installs).
Unfortunately the version of lighttpd packaged with Squeeze annoyingly
doesn't actually have an option to disable SSLv3... so I've quickly
backported the relevant code to enable that config.

https://github.com/matjohns/squeeze-lighttpd-poodle

Just in case anyone else is in a similar position, this worked for me.

~Mat

On 16 December 2014 at 18:53, Ole-Morten Duesund <olemd@???> wrote:
>
> On 16/12/14 18:44, Andy Smith wrote:
>
>> Hello,
>>
>> On Tue, Dec 09, 2014 at 07:39:05PM +0000, Andy Smith wrote:
>>
>>> ShadowServer have started reporting on this now, and their latest
>>> report still shows 79 IPs in BitFolk's customer IP space that are
>>> vulnerable to SSLv3/Poodle.
>>>
>>> I still don't want to be opening tickets with people individually
>>> over this so unless there is an outrage against the idea then I'm
>>> thinking of just posting next Tuesday's report here.
>>>
>>
>> Here you go:
>>
>>      http://dl.shadowserver.org/4o9jR_W433PVUJ4CIuqH8V7ht7A?mXSocjvDYp7FJ-vqyoRiow
>>
>
> Excellent - just what I needed to actually fix it. 5 min of spare time and
> a tiny nudge :-)
>
> - OM