Kerio Connect and OpenSSL vulnerability CVE-2014-0160 (Heartbleed) (Fixed in version 8.2.4. Hotfix: http://goo.gl/filNif)
  •  
Pavel Dobry (Kerio)

OpenSSL vulnerability CVE-2014-0160 (Heartbleed)

Details:
A vulnerability has been reported in OpenSSL 1.0.1 and higher. It allows an attacker to read arbitrary data from the process memory.

Affected versions:
Kerio Connect 8.2.0 - 8.2.3.

Not affected (safe) versions:
Kerio Connect 8.1.3 and older.

Solution:
Kerio released a Kerio Connect 8.2.4 update (http://forums.kerio.com/t/27057//) for this vulnerability.

A hotfix is available at http://goo.gl/filNif for older Kerio Connect versions.

Description in Kerio KnowledgeBase: http://kb.kerio.com/1585

[Updated on: Tue, 08 August 2017 19:26] by Moderator
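
The memory read described in the post above comes from a heartbeat message whose stated payload length is larger than the data actually sent. As an added example (not part of the original post, and not Kerio's or OpenSSL's code), this C program applies the RFC 6520 length checks a patched TLS endpoint performs on a decrypted heartbeat record; the function name, verdict enum and sample records are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TLS_CT_HEARTBEAT 24  /* record content type, RFC 6520 */
#define HB_MIN_PADDING   16  /* RFC 6520 requires >= 16 padding bytes */

enum hb_verdict { HB_NOT_HEARTBEAT, HB_OK, HB_TRUNCATED, HB_TOO_SHORT, HB_OVERCLAIM };

/* Classify one plaintext TLS record (5-byte header + fragment). */
enum hb_verdict classify_heartbeat(const uint8_t *rec, size_t len)
{
    if (len < 5)
        return HB_TRUNCATED;
    if (rec[0] != TLS_CT_HEARTBEAT)
        return HB_NOT_HEARTBEAT;
    size_t frag_len = ((size_t)rec[3] << 8) | rec[4];
    if (frag_len > len - 5)
        return HB_TRUNCATED;              /* buffer holds less than the header says */
    if (frag_len < 1 + 2 + HB_MIN_PADDING)
        return HB_TOO_SHORT;              /* cannot hold type + length + padding */
    size_t claimed = ((size_t)rec[6] << 8) | rec[7];
    /* The bounds check at the heart of the fix: the sender's claimed payload
       length must fit inside the bytes that were actually received. */
    if (1 + 2 + claimed + HB_MIN_PADDING > frag_len)
        return HB_OVERCLAIM;
    return HB_OK;
}

/* Constructed sample records (not captured traffic). */
const uint8_t sample_ok[25] = {
    24, 3, 2, 0, 20,        /* heartbeat, TLS 1.1, 20-byte fragment */
    1, 0, 1, 'A' };         /* request, payload_length = 1; rest is zero padding */
const uint8_t sample_overclaim[25] = {
    24, 3, 2, 0, 20,
    1, 0, 64, 'A' };        /* claims 64 payload bytes, only 17 bytes follow */
const uint8_t sample_appdata[6] = { 23, 3, 2, 0, 1, 0 };  /* application data */

int main(void)
{
    printf("ok=%d overclaim=%d appdata=%d\n",
           classify_heartbeat(sample_ok, sizeof sample_ok),
           classify_heartbeat(sample_overclaim, sizeof sample_overclaim),
           classify_heartbeat(sample_appdata, sizeof sample_appdata));
    return 0;
}
```

Heartbeat records sent after the handshake are encrypted on the wire, so this check belongs in the endpoint or in a proxy that terminates TLS, not in a passive sensor.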

  •  
Pavel Dobry (Kerio)

Update:

A hotfix for all Kerio Connect 8.2.0-8.2.3 versions is now being tested. It will be available within a few hours for our customers.
Also, a Kerio Connect 8.2.4 update will follow a few hours after the hotfix.
  •  
Maerad

Can you give a rough ETA for the hotfix? Like "might be available in ~4 h"?

[EDIT]
Gives the people here a better way to plan their maintenance or, in my case, whether I can wait for tonight and install it or whether I should get up early in the morning :)

[Updated on: Tue, 08 April 2014 17:36]

  •  
chrwei

Is Control also affected?
  •  
Jeeves_

At first I thought so. But it doesn't look like it.

Offering Kerio and much more. See http://www.tuxis.nl and http://www.kerioindecloud.nl/
  •  
Pavel Dobry (Kerio)

Update:

Hotfix is available at http://goo.gl/filNif

A regular product service release will follow soon. Please report any problems with the hotfix here.
Thank you.

[Updated on: Wed, 09 April 2014 13:28]

  •  
chrwei

Applied, no "bad things" yet, so that's good.
  •  
Vink

Applied to a small Connect server (20 mailboxes). No problems so far.
Waiting a little bit longer to apply to larger (130 mailboxes) server.
Servers: Debian Wheezy, 64-bit. Connect 8.2.2 with AV & AS.

Edit: applied to larger server. Runs smoothly so far.

[Updated on: Tue, 08 April 2014 20:15]

  •  
bmdv

The fix works fine here with 8.2.3 (Ubuntu 12.04/64) and fixes the vulnerability for us. Thanks.
By the way, a normal download link would be good, so Linux users can use wget to download it directly to the server.

[Updated on: Tue, 08 April 2014 20:03]

  •  
s2igmbh

Pavel, the fix is working here on 64bit Debian7 Connect 8.2.3. Thanks a lot, s2igmbh
  •  
BLTomato

Shows up as clear now on an 8.2.2 install. Thanks guys!
  •  
areichmann

OK with multiple x64 Windows versions.
  •  
Pavel Dobry (Kerio)

Thank you all for the feedback!

Please share this information on Twitter, Facebook or whatever social tool you like. This vulnerability is quite serious and affects more than half of all internet applications and servers. Servers must be patched as soon as possible.
The hotfix is free for all affected Kerio Connect customers, even for customers not eligible for Kerio Connect updates.
  •  
freakinvibe

Windows Server 2012 R2
Kerio Connect 8.2.2 32-bit

All went fine, vulnerability test now shows "not vulnerable".

Thanks for the quick fix.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
b-tom

Flawless hotfix upgrade on Mac OS X server. No longer vulnerable. Thanks Pavel.