Please be aware that the content in SAP SQL Anywhere Forum will be migrated to the SAP Community in June and this forum will be retired.

There's a contradiction according to the "Heartbleed" fixes between the information in this FAQ and the newest EBF readme:

From Jason's statement in the FAQ answer:

Affected Versions - note that all platforms are impacted by this issue.
SQL Anywhere 12.0.1 ebf 3994-4085
SQL Anywhere 16.0 ebf 1690-1823

In contrast, the EBF readme (and the according CR) does name different affected versions:

================(Build #4086  - Engineering Case #761751)================

The OpenSSL vulnerability known as Heartbleed impacted some components of 
SQL Anywhere software as follows:
Affected Versions (note that all platforms were impacted by the vulnerability):
 - SQL Anywhere 12.0.1 builds 3994-4098
 - SQL Anywhere 16.0 builds 1690-1880

Am I right that the EBF information is wrong? - I hope so as there are no 16.0 EBFs available with build numbers beyond 1880...

asked 19 May '14, 03:38

Volker%20Barth's gravatar image

Volker Barth
accept rate: 34%

edited 19 May '14, 05:47

Presumably the EBF for Windows has the Heartbleed fix. Alas, the associated read-me file does not contain any mention of it (no mention of Engineering Case #761751, no references AT ALL to ANY changes made in build 1824).

I suspect the Evil Prince Haste is to blame :)

(19 May '14, 09:32) Breck Carter

Hm, as Jason has added here:

Update 7 (May 26, 2014): Further changes were required to fully resolve the security vulnerability known as Heartbleed. All Linux users concerned about Heartbleed should update to 12.0.1 SP74 (Build 4110) or newer and/or 16.0 SP13 (Build 1911) or newer. Windows users who use the FIPS option or who are using LDAP authentication should update to 12.0.1 SP72 (Build 4104) or newer and/or 16.0 SP14 (Build 1915) or newer

So, I would conclude the EBF readme note seems to be more up-to-date...

permanent link

answered 26 May '14, 10:13

Volker%20Barth's gravatar image

Volker Barth
accept rate: 34%

There is also an updated CR to reflect the additional changes needed - see CR #764130.

permanent link

answered 26 May '14, 10:52

Jeff%20Albion's gravatar image

Jeff Albion
accept rate: 25%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 19 May '14, 03:38

question was seen: 2,815 times

last updated: 26 May '14, 10:52