FWIW, here's the according CR 761751 description, as contained in the 12.0.1.4086 EBF readme:
================(Build #4086 - Engineering Case #761751)================
The OpenSSL vulnerability known as Heartbleed impacted some components of
SQL Anywhere software as follows:
- SQL Anywhere Server when using TLS (Transport Layer Security) communications
and/or HTTPS web services, though only to the networks that can access the
server. Calling external web services over HTTPS from the database server
were also affected.
- MobiLink Server when using TLS and/or HTTPS communications, though only
to the networks that can access the MobiLink server.
- Relay Server Outbound Enabler
Affected Versions (note that all platforms were impacted by the vulnerability):
- SQL Anywhere 12.0.1 builds 3994-4098
- SQL Anywhere 16.0 builds 1690-1880
This vulnerability has been resolved by replacing the OpenSSL libraries
with corrected versions. Once this SP has been applied, regenerate any certificates
that were being used, and then change any passwords/keys associated with
SQLA web service calls or TLS authentication.
answered
23 Apr '14, 12:32
Volker Barth
39.5k●355●539●810
accept rate:
34%