Which EBFs do contain the "Heartbleed" fixes?

VolkerBarth
Contributor
3,057

There's a contradiction regarding the "Heartbleed" fixes between the information in this FAQ and the newest 12.0.1.4104 EBF readme:

From Jason's statement in the FAQ answer:

Affected Versions - note that all platforms are impacted by this issue.
SQL Anywhere 12.0.1 ebf 3994-4085
SQL Anywhere 16.0 ebf 1690-1823

In contrast, the 12.0.1.4104 EBF readme (and the corresponding CR) names different affected versions:

================(Build #4086  - Engineering Case #761751)================

The OpenSSL vulnerability known as Heartbleed impacted some components of 
SQL Anywhere software as follows:
    ....
Affected Versions (note that all platforms were impacted by the vulnerability):
 - SQL Anywhere 12.0.1 builds 3994-4098
 - SQL Anywhere 16.0 builds 1690-1880


Question:
Am I right that the EBF information is wrong? - I hope so as there are no 16.0 EBFs available with build numbers beyond 1880...

Accepted Solutions (1)

VolkerBarth
Contributor

Hm, as Jason has added here:

Update 7 (May 26, 2014): Further changes were required to fully resolve the security vulnerability known as Heartbleed. All Linux users concerned about Heartbleed should update to 12.0.1 SP74 (Build 4110) or newer and/or 16.0 SP13 (Build 1911) or newer. Windows users who use the FIPS option or who are using LDAP authentication should update to 12.0.1 SP72 (Build 4104) or newer and/or 16.0 SP14 (Build 1915) or newer

So, I would conclude the EBF readme note seems to be more up-to-date...

Answers (1)

jeff_albion
Product and Topic Expert
0 Kudos

There is also an updated CR to reflect the additional changes needed - see CR #764130.