on 2014 May 19 4:38 AM
There's a contradiction according to the "Heartbleed" fixes between the information in this FAQ and the newest 12.0.1.4104 EBF readme:
From Jason's statement in the FAQ answer:
Affected Versions - note that all platforms are impacted by this issue.
SQL Anywhere 12.0.1 ebf 3994-4085
SQL Anywhere 16.0 ebf 1690-1823
In contrast, the 12.0.1.4104 EBF readme (and the according CR) does name different affected versions:
================(Build #4086 - Engineering Case #761751)================
The OpenSSL vulnerability known as Heartbleed impacted some components of
SQL Anywhere software as follows:
....
Affected Versions (note that all platforms were impacted by the vulnerability):
- SQL Anywhere 12.0.1 builds 3994-4098
- SQL Anywhere 16.0 builds 1690-1880
Question:
Am I right that the EBF information is wrong? - I hope so as there are no 16.0 EBFs available with build numbers beyond 1880...
Request clarification before answering.
Hm, as Jason has added here:
Update 7 (May 26, 2014): Further changes were required to fully resolve the security vulnerability known as Heartbleed. All Linux users concerned about Heartbleed should update to 12.0.1 SP74 (Build 4110) or newer and/or 16.0 SP13 (Build 1911) or newer. Windows users who use the FIPS option or who are using LDAP authentication should update to 12.0.1 SP72 (Build 4104) or newer and/or 16.0 SP14 (Build 1915) or newer
So, I would conclude the EBF readme note seems to be more up-to-date...
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
There is also an updated CR to reflect the additional changes needed - see CR #764130.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
46 | |
6 | |
6 | |
5 | |
4 | |
4 | |
3 | |
3 | |
3 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.