asfenmma.blogg.se - Openssl vulnerability

Openssl vulnerability software#

MySQL Enterprise Monitor 2.3.12 and earlier.

iAS 1.0.2.2 (Part of E-Business Suite 11i).

Enterprise Manager Grid Control Plug-ins and Connectors.

Enterprise Manager Cloud Control Plug-ins and Connectors.

E-Business Suite 11i (includes Oracle Applications Technology Stack).

Openssl vulnerability software#

Cisco MDS Fiber Channel Switches and Management Software.

Brocade (McData) Fiber Channel Switches and Management Software.

Acme Packet Net-Net Diameter Director.

No further action is therefore expected for these products: Global Product Security has determined that the following products are using OpenSSL cryptographic libraries whose versions have been externally reported as not vulnerable to CVE-2014-0160 or did not use OpenSSL libraries to implement the vulnerable TLS protocol. 1.0 Oracle products that, while using OpenSSL, were not subject to CVE-2014-0160

OpenSSL 0.9.7 branch is NOT vulnerable to CVE-2014-0160īelow is the list of affected products and mitigation instructions as of Jat 3:24 PM Pacific.

OpenSSL 0.9.8 branch is NOT vulnerable to CVE-2014-0160.

OpenSSL 1.0.0 branch is NOT vulnerable to CVE-2014-0160.

OpenSSL 1.0.1g is NOT vulnerable to CVE-2014-0160.

OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable to CVE-2014-0160.

In other words, certain Oracle products, while they may be reported as using OpenSSL, may not be using versions of OpenSSL that were reported as vulnerable to CVE-2014-0160: Note that only a number of OpenSSL cryptographic libraries versions were reported as affected by vulnerability CVE-2014-0160. The Oracle Global Product Security and Development teams are investigating the use of the affected OpenSSL cryptographic libraries in Oracle products and will provide mitigation instructions when available for these affected Oracle products. For more information about this vulnerability, see (note that this site is not affiliated with Oracle). For the purpose of this Note, this vulnerability will be referred by its CVE number: CVE-2014-0160.

In April 2014, a vulnerability affecting certain versions of the OpenSSL cryptographic software library was publicly disclosed. When product versions for a given product are not specifically listed in this document, it implies all those versions for that product which are currently supported by Oracle. Oracle has not assessed the impact of this vulnerability against products that are no longer supported by Oracle. Oracle has assessed the impact of vulnerability CVE-2014-0160 only against product versions that are covered under the Premier Support or Extended Support phases of the Lifetime Support Policy. Specifically, this document will list: (1) Oracle products that never used OpenSSL versions reported to be vulnerable to CVE-2014-0160 (2) Oracle products still under investigation, which may be vulnerable to CVE-2014-0160, (3) Oracle products that are likely vulnerable to CVE-2014-0160 but have fixes available from Oracle, (4) Oracle products that are likely vulnerable to CVE-2014-0160 but for which no fixes are currently available, (5) Products that do not include OpenSSL in their default distribution, (6) Status for Oracle Cloud, (7) Status for My Oracle Support and Oracle Advanced Customer Support Services, and finally (8) Status for and other corporate resources. The purpose of this document is to list Oracle products that depend on OpenSSL and to document their current status with respect to the OpenSSL versions that were reported as vulnerable to the publicly disclosed ‘heartbleed’ vulnerability CVE-2014-0160. OpenSSL Security Bug - Heartbleed / CVE-2014-0160 PURPOSE