The forum will experience an outage sometime between February 10 at 7:00pm EST and February 12 at 11:59 EST for installation of security updates. The actual time and duration of the outage are unknown but attempts will be made to minimize the downtime. We apologize for any inconvenience.

There's a contradiction according to the "Heartbleed" fixes between the information in this FAQ and the newest 12.0.1.4104 EBF readme:

From Jason's statement in the FAQ answer:

Affected Versions - note that all platforms are impacted by this issue.
SQL Anywhere 12.0.1 ebf 3994-4085
SQL Anywhere 16.0 ebf 1690-1823

In contrast, the 12.0.1.4104 EBF readme (and the according CR) does name different affected versions:

================(Build #4086  - Engineering Case #761751)================

The OpenSSL vulnerability known as Heartbleed impacted some components of 
SQL Anywhere software as follows:
    ....
Affected Versions (note that all platforms were impacted by the vulnerability):
 - SQL Anywhere 12.0.1 builds 3994-4098
 - SQL Anywhere 16.0 builds 1690-1880

Question:
Am I right that the EBF information is wrong? - I hope so as there are no 16.0 EBFs available with build numbers beyond 1880...

asked 19 May '14, 03:38

Volker%20Barth's gravatar image

Volker Barth
29.3k287438645
accept rate: 32%

edited 19 May '14, 05:47

Presumably the 16.0.0.1824 EBF for Windows has the Heartbleed fix. Alas, the associated read-me file does not contain any mention of it (no mention of Engineering Case #761751, no references AT ALL to ANY changes made in build 1824).

I suspect the Evil Prince Haste is to blame :)

(19 May '14, 09:32) Breck Carter

Hm, as Jason has added here:

Update 7 (May 26, 2014): Further changes were required to fully resolve the security vulnerability known as Heartbleed. All Linux users concerned about Heartbleed should update to 12.0.1 SP74 (Build 4110) or newer and/or 16.0 SP13 (Build 1911) or newer. Windows users who use the FIPS option or who are using LDAP authentication should update to 12.0.1 SP72 (Build 4104) or newer and/or 16.0 SP14 (Build 1915) or newer

So, I would conclude the EBF readme note seems to be more up-to-date...

permanent link

answered 26 May '14, 10:13

Volker%20Barth's gravatar image

Volker Barth
29.3k287438645
accept rate: 32%

There is also an updated CR to reflect the additional changes needed - see CR #764130.

permanent link

answered 26 May '14, 10:52

Jeff%20Albion's gravatar image

Jeff Albion
10.7k171174
accept rate: 24%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×86
×37

question asked: 19 May '14, 03:38

question was seen: 1,290 times

last updated: 26 May '14, 10:52