8 Apr
2014
8 Apr
'14
10:05 p.m.
Am 08.04.2014 19:00, schrieb John Rowe:
Do we know if dovecot is vulnerable to the heartbleed SSL problem?
I'm running dovecot-2.0.9 and openssl-1.01, the latter being intrinsically vulnerable. An on-line tool says that my machine is not affected on port 993 but it would be nice to know for sure if we were vulnerable for a while. (Naturally I've blocked it anyway!).
Usually all programs are linked dynamically to the library, so the vulnerability depends on the library only. If you updated the library today and restarted the service (!!) then it is very likely that your mail installation is not vulnerable any more. Otherwise it is very likely to be vulnerable, regardless what tests say. JC