CodeWalrus

CodeWalrus Website => Site Discussion => Site Discussion & Bug Reports => Topic started by: Legimet on December 26, 2016, 11:03:23 PM

Title: CodeWalrus server vulnerable to CVE-2016-2107
Post by: Legimet on December 26, 2016, 11:03:23 PM
You can test it here: https://filippo.io/CVE-2016-2107/#codewalr.us
The ssllabs.com test currently gives codewalr.us an F grade: https://www.ssllabs.com/ssltest/analyze.html?d=codewalr.us
You'll have to upgrade OpenSSL.
Title: Re: CodeWalrus server vulnerable to CVE-2016-2107
Post by: Dream of Omnimaga on December 26, 2016, 11:36:12 PM
@Streetwalrus @Juju @aeTIos
Title: Re: CodeWalrus server vulnerable to CVE-2016-2107
Post by: novenary on December 26, 2016, 11:37:09 PM
Time to update debian and reboot the server. Whenever you're ready Juju.
Title: Re: CodeWalrus server vulnerable to CVE-2016-2107
Post by: aetios on December 26, 2016, 11:44:53 PM
Thanks for the heads up, we'll fix it.
Title: Re: CodeWalrus server vulnerable to CVE-2016-2107
Post by: novenary on December 26, 2016, 11:48:41 PM
Oh well, I did it. It was long overdue anyway, should be fixed now.

c debian for being c overall.
Title: Re: CodeWalrus server vulnerable to CVE-2016-2107
Post by: Legimet on December 26, 2016, 11:53:32 PM
If you're using Debian, you might want to look at apticron (https://debian-administration.org/article/491/Automatic_package_update_nagging_with_apticron), a script which sends emails about updates :)
Title: Re: CodeWalrus server vulnerable to CVE-2016-2107
Post by: novenary on December 26, 2016, 11:56:35 PM
Thanks for the tip.
Title: Re: CodeWalrus server vulnerable to CVE-2016-2107
Post by: Dream of Omnimaga on December 27, 2016, 08:11:50 AM
@Streetwalrus almost quit the CW staff team because DigitalOcean used Debian last Summer O.O