There's a contradiction according to the "Heartbleed" fixes between the information in this FAQ and the newest 12.0.1.4104 EBF readme:

From Jason's statement in the FAQ answer:

Affected Versions - note that all platforms are impacted by this issue.
SQL Anywhere 12.0.1 ebf 3994-4085
SQL Anywhere 16.0 ebf 1690-1823

In contrast, the 12.0.1.4104 EBF readme (and the according CR) does name different affected versions:

================(Build #4086  - Engineering Case #761751)================

The OpenSSL vulnerability known as Heartbleed impacted some components of 
SQL Anywhere software as follows:
    ....
Affected Versions (note that all platforms were impacted by the vulnerability):
 - SQL Anywhere 12.0.1 builds 3994-4098
 - SQL Anywhere 16.0 builds 1690-1880

Question:
Am I right that the EBF information is wrong? - I hope so as there are no 16.0 EBFs available with build numbers beyond 1880...

asked 19 May '14, 03:38

Volker%20Barth's gravatar image

Volker Barth
31.3k312458674
accept rate: 32%

edited 19 May '14, 05:47

Presumably the 16.0.0.1824 EBF for Windows has the Heartbleed fix. Alas, the associated read-me file does not contain any mention of it (no mention of Engineering Case #761751, no references AT ALL to ANY changes made in build 1824).

I suspect the Evil Prince Haste is to blame :)

(19 May '14, 09:32) Breck Carter

Hm, as Jason has added here:

Update 7 (May 26, 2014): Further changes were required to fully resolve the security vulnerability known as Heartbleed. All Linux users concerned about Heartbleed should update to 12.0.1 SP74 (Build 4110) or newer and/or 16.0 SP13 (Build 1911) or newer. Windows users who use the FIPS option or who are using LDAP authentication should update to 12.0.1 SP72 (Build 4104) or newer and/or 16.0 SP14 (Build 1915) or newer

So, I would conclude the EBF readme note seems to be more up-to-date...

permanent link

answered 26 May '14, 10:13

Volker%20Barth's gravatar image

Volker Barth
31.3k312458674
accept rate: 32%

There is also an updated CR to reflect the additional changes needed - see CR #764130.

permanent link

answered 26 May '14, 10:52

Jeff%20Albion's gravatar image

Jeff Albion
10.7k171174
accept rate: 24%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×88
×37

question asked: 19 May '14, 03:38

question was seen: 1,415 times

last updated: 26 May '14, 10:52