***Update (June 26, 2014): Here is a complete summary of the SQL Anywhere versions affected by Heartbleed and the versions in which it is patched:
SQL Anywhere 12
Windows/Linux affected versions: SP 66 - SP 71 (12.0.1.3994 - 12.0.1.4109)
Windows/Linux patched versions: SP 74 (12.0.1.4110) and later
UNIX platforms affected versions: SP 66 - SP 70 (12.0.1.3994 - 12.0.1.4085)
UNIX platforms patched versions: SP 71 (12.0.1.4086) and later
MacOS affected versions: SP 67 (12.0.1.3994 - 12.0.1.4105)
MacOS patched versions: SP 73 (12.0.1.4106)
SQL Anywhere 16
Windows affected versions: SP 6 - SP 11 (16.0.1690 - 16.0.1914)
Windows patched versions: SP 14 (16.0.1915)
Linux affected versions: SP 6 - SP 11 (16.0.1690 - 16.0.1910)
Linux patched versions: SP 13 (16.0.1911)
UNIX platforms affected versions: SP 6 - SP 9 (16.0.1690 - 16.0.1880)
UNIX platforms patched versions: SP 11 (16.0.1824)
MacOS affected versions: SP 6 - SP 9 (16.0.1690 - 16.0.1880)
MacOS patched versions: SP 12 (16.0.1894)
***Update (May 26, 2014): Further changes were required to fully resolve the security vulnerability known as Heartbleed.
All Linux users concerned about Heartbleed should update to 12.0.1 SP74 (Build 4110) or newer and/or 16.0 SP13 (Build 1911) or newer.
Windows users who use the FIPS option or who are using LDAP authentication should update to 12.0.1 SP72 (Build 4104) or newer and/or 16.0 SP14 (Build 1915) or newer.
***Update (April 21, 2014): A new EBF/SP that removes this vulnerability has been posted to the SQL Anywhere EBF/SP download site for SQL Anywhere versions 12 and 16 on Windows and Linux platforms. Fixes for other platforms will be released after they complete internal testing.
SAP takes the security of its products very seriously. The recent OpenSSL vulnerability known as Heartbleed does impact some users of SQL Anywhere.
Here are the details:
Affected Components
Affected Versions - note that all platforms are impacted by this issue.
Current Workaround
Resolution
In addition, here is the text of the latest response (as of this posting) from the SAP security team, released earlier today on service marketplace (http://service.sap.com/securitynotes):
Deficiencies in releases of OpenSSL libraries
SAP takes any security-related report very seriously. We will notify our customers appropriately as relevant new information on this topic becomes available.
We take the opportunity to remind you to increase the security of your SAP systems by installing the available security patches. For information on SAP’s security notes and patches, please go to the SAP Security Notes page on the SAP Service Marketplace extranet at https://service.sap.com/securitynotes.
SAP has received information about security deficiencies in some releases of OpenSSL libraries, used in a number of software products of different vendors. These deficiencies are referred to under the name of the “Heartbleed” vulnerability (CVE-2014-0160, see http://heartbleed.com). SAP security teams are in the process of investigating if products are possibly affected by the reported vulnerability. At the current state of investigations we have no indications that SAP NetWeaver and SAP HANA are affected.
If there are any further questions, please don't hesitate to contact SAP support.