Please be aware that the content in SAP SQL Anywhere Forum will be migrated to the SAP Community in June and this forum will be retired.

Which EBFs do contain the "Heartbleed" fixes?

2

There's a contradiction according to the "Heartbleed" fixes between the information in this FAQ and the newest 12.0.1.4104 EBF readme:

From Jason's statement in the FAQ answer:

Affected Versions - note that all platforms are impacted by this issue.
SQL Anywhere 12.0.1 ebf 3994-4085
SQL Anywhere 16.0 ebf 1690-1823

In contrast, the 12.0.1.4104 EBF readme (and the according CR) does name different affected versions:

================(Build #4086  - Engineering Case #761751)================

The OpenSSL vulnerability known as Heartbleed impacted some components of 
SQL Anywhere software as follows:
    ....
Affected Versions (note that all platforms were impacted by the vulnerability):
 - SQL Anywhere 12.0.1 builds 3994-4098
 - SQL Anywhere 16.0 builds 1690-1880

Question:
Am I right that the EBF information is wrong? - I hope so as there are no 16.0 EBFs available with build numbers beyond 1880...

asked 19 May '14, 03:38

Volker%20Barth's gravatar image

Volker Barth
40.2k361550822
accept rate: 34%

edited 19 May '14, 05:47

Presumably the 16.0.0.1824 EBF for Windows has the Heartbleed fix. Alas, the associated read-me file does not contain any mention of it (no mention of Engineering Case #761751, no references AT ALL to ANY changes made in build 1824).

I suspect the Evil Prince Haste is to blame :)

(19 May '14, 09:32) Breck Carter
2 Answers:
active answersoldest answersnewest answerspopular answers
1

Hm, as Jason has added here:

Update 7 (May 26, 2014): Further changes were required to fully resolve the security vulnerability known as Heartbleed. All Linux users concerned about Heartbleed should update to 12.0.1 SP74 (Build 4110) or newer and/or 16.0 SP13 (Build 1911) or newer. Windows users who use the FIPS option or who are using LDAP authentication should update to 12.0.1 SP72 (Build 4104) or newer and/or 16.0 SP14 (Build 1915) or newer

So, I would conclude the EBF readme note seems to be more up-to-date...

permanent link

answered 26 May '14, 10:13

Volker%20Barth's gravatar image

Volker Barth
40.2k361550822
accept rate: 34%

0

There is also an updated CR to reflect the additional changes needed - see CR #764130.

permanent link

answered 26 May '14, 10:52

Jeff%20Albion's gravatar image

Jeff Albion
10.8k171175
accept rate: 25%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Question tags:

×104
×48

question asked: 19 May '14, 03:38

question was seen: 2,775 times

last updated: 26 May '14, 10:52

Related questions

SQL Anywhere on Windows operating system changes db file to read only

Will version 12.0.1 be an "active version" until the EOL is reached?

SQL Anywhere 17 developer edition new ebf

Storage setup for security and performance

Protecting intellectual property

Is there more information available on particular bugfixes than in the EBF readme docs?

How do I expunge all SQL code from a database?

JDBC Java ConnString / EncryptedPassword (ENP) connection parameter

EBF 22109: 12.0.1 SP66 Build 3994

simple encryption question