Impact of Heartbleed issue on KDE.org infrastructure

Ben Cooksley bcooksley-RoXCvvDuEio at public.gmane.org
Tue Apr 15 09:29:09 BST 2014


Hi everyone,

As i'm sure you're all aware at this point, a vulnerability of OpenSSL
could lead to sensitive information being leaked by web servers.

The Good News:

The vast majority of our services are running on the older Debian
Squeeze, which uses OpenSSL 0.9.8o and is unaffected by the issue.

The Bad News:

Certain services are run through a third party intermediary
(Incapsula) and some services are being hosted by Debian Wheezy
systems (which did use a vulnerable version of OpenSSL).

All such systems under the control of KDE Sysadmin have since been
patched and have had the necessary services restarted. For information
on the steps taken by Incapsula please see
http://www.incapsula.com/blog/heartbleed-ssl-vulnerability-fixed.html

As far as we are aware, all systems under kde.org have now had the
issue corrected (assuming they were affected by the issue in the first
case).

Sites affected:

forum.kde.org
community.kde.org
userbase.kde.org
techbase.kde.org
cdn.kde.org
api.kde.org
dot.kde.org
blogs.kde.org
reviewboard.kde.org (Both Git and Subversion)

At no point were Identity, Bugzilla or SCM services affected by this issue.
If anyone has any questions, please let us know.

Thanks,
Ben Cooksley
KDE Sysadmin



More information about the kde-core-devel mailing list