[Dovecot] Heartbleed openssl vulnerability?
Jakob Curdes
jc at info-systems.de
Tue Apr 8 19:05:49 UTC 2014
On 08.04.2014 19:00, John Rowe wrote:
> Do we know if dovecot is vulnerable to the heartbleed SSL problem?
>
> I'm running dovecot-2.0.9 and openssl-1.01, the latter being
> intrinsically vulnerable. An on-line tool says that my machine is not
> affected on port 993 but it would be nice to know for sure if we were
> vulnerable for a while. (Naturally I've blocked it anyway!).
>
Usually all programs are linked dynamically to the library, so the
vulnerability depends on the library only. If you updated the library
today and restarted the service (!!) then it is very likely that your
mail installation is not vulnerable any more. Otherwise it is very
likely to be vulnerable, regardless of what tests say.
JC
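
The restart point in the reply above can be checked directly. This is an added example, not part of the original message: on Linux, a process that was not restarted after the package update still maps the old library file, which /proc/<pid>/maps marks as "(deleted)". It assumes a Linux /proc filesystem; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: find processes still mapping a replaced libssl/libcrypto.
# Assumes Linux /proc; function names are illustrative.

# Read /proc/<pid>/maps-format lines on stdin and print the unique paths of
# libssl/libcrypto mappings whose backing file is marked "(deleted)".
stale_ssl_maps() {
    awk '$NF == "(deleted)" && $(NF-1) ~ "/lib(ssl|crypto)[^/]*[.]so[^/]*$" {
             print $(NF-1)
         }' | sort -u
}

# Walk every process and report pid, command name and stale libraries.
scan_procs() {
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}; pid=${pid%/maps}
        # Unreadable or vanished processes yield empty output and are skipped.
        stale=$( { stale_ssl_maps < "$maps"; } 2>/dev/null | tr '\n' ' ' )
        [ -n "$stale" ] || continue
        name=$(cat "/proc/$pid/comm" 2>/dev/null)
        printf '%s\t%s\t%s\n' "$pid" "${name:-?}" "$stale"
    done
}

# Constructed sample of maps lines from a process that was not restarted.
sample_maps() {
    cat <<'EOF'
7f3a10000000-7f3a10062000 r-xp 00000000 fd:00 393301 /usr/lib64/libssl.so.1.0.1e (deleted)
7f3a10400000-7f3a105b4000 r-xp 00000000 fd:00 393299 /usr/lib64/libcrypto.so.1.0.1e (deleted)
7f3a10800000-7f3a109c0000 r-xp 00000000 fd:00 393012 /usr/lib64/libc-2.12.so
7f3a10c00000-7f3a10c01000 rw-p 00000000 00:00 0
7f3a10e00000-7f3a10e10000 rw-s 00000000 00:04 1234 /dev/zero (deleted)
EOF
}

# Run the live scan only when asked: sh thisfile.sh --scan
case "${1:-}" in
    --scan) scan_procs ;;
esac
```

Run it as root with --scan so that the maps of processes owned by other users are readable; any process it lists needs a restart before the updated library takes effect.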