| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> RE: Openssl security breach detected - oracle concerned?
The recently installed 9i rel2 pachted to 9.2.0.2.0 uses openssl version 0.9.6b
The latest version is 0.9.7a was 0.9.6i.
Compile and then just change the file will most likely not work, will it?
kr
Apologies for any typing mistakes I failed to notice.
Markus Reger
Oracle Applications DBA
Webmaster
MBC
University for Music and Performing Art
Vienna
>>> BoivinP_at_mar.dfo-mpo.gc.ca 02/25/03 13:28 PM >>>
You would have to verify what version of SSL.
http://www.theregister.co.uk/content/55/29423.html yesterday posted a notice that the "experiment" was with an older version of SSL.
It could be that iAS and other Oracle products are still using that version, I know they were way behind in the Apache release they bundled in iAS 1.0.2.2
I would be curious to learn what you find out.
Regards,
Patrice Boivin
Systems Analyst (Oracle Certified DBA)
Systems Admin & Operations | Admin. et Exploit. des systèmes Technology Services | Services technologiques Informatics Branch | Direction de l'informatique Maritimes Region, DFO | Région des Maritimes, MPO
E-Mail: boivinp_at_mar.dfo-mpo.gc.ca
-----Original Message-----
Sent: Tuesday, February 25, 2003 6:50 AM
To: Multiple recipients of list ORACLE-L
hello to everybody
recently a security breach was detected with OpenSSL - the password of a user could be decoded within hours, the bank account was robbed - but just for testing purposes -
has anyone ever heard about a similar problem regarding to oracle ssl. we use it and i couldn't find a patch for this particular problem if there is any with oracle's ssl.
kind regards
Apologies for any typing mistakes I failed to notice.
Markus Reger
Oracle Applications DBA
Webmaster
MBC
University for Music and Performing Art
Vienna
--
Please see the official ORACLE-L FAQ: http://www.orafaq.net
--
Author: Markus Reger
INET: reger_at_mdw.ac.at
Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services ---------------------------------------------------------------------To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services ---------------------------------------------------------------------To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
--
Please see the official ORACLE-L FAQ: http://www.orafaq.net
--
Author: Markus Reger
INET: reger_at_mdw.ac.at
Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services ---------------------------------------------------------------------To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). Received on Tue Feb 25 2003 - 08:11:08 CST
 |
 |