Return-Path: Received: from ensim.rackshack.net (root@localhost) by orafaq.net (8.11.6/8.11.6) with ESMTP id h1PFim308474 for ; Tue, 25 Feb 2003 09:44:48 -0600 X-ClientAddr: 209.68.248.164 Received: from newsfeed.cts.com (newsfeed.cts.com [209.68.248.164]) by ensim.rackshack.net (8.11.6/8.11.6) with ESMTP id h1PFilJ08469 for ; Tue, 25 Feb 2003 09:44:47 -0600 Received: from fatcity.UUCP (uucp@localhost) by newsfeed.cts.com (8.9.3/8.9.3) with UUCP id EAA16374; Tue, 25 Feb 2003 04:26:37 -0800 (PST) Received: by fatcity.com (26-Feb-2001/v1.0g-b72/bab) via UUCP id 005583E5; Tue, 25 Feb 2003 03:59:20 -0800 Message-ID: Date: Tue, 25 Feb 2003 03:59:20 -0800 To: Multiple recipients of list ORACLE-L X-Comment: Oracle RDBMS Community Forum X-Sender: "Boivin, Patrice J" Sender: root@fatcity.com Reply-To: ORACLE-L@fatcity.com Errors-To: ML-ERRORS@fatcity.com From: "Boivin, Patrice J" Subject: RE: Openssl security breach detected - oracle concerned? Organization: Fat City Network Services, San Diego, California X-ListServer: v1.0g, build 72; ListGuru (c) 1996-2001 Bruce A. Bergman Precedence: bulk Mime-Version: 1.0 Content-type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit You would have to verify what version of SSL. http://www.theregister.co.uk/content/55/29423.html yesterday posted a notice that the "experiment" was with an older version of SSL. It could be that iAS and other Oracle products are still using that version, I know they were way behind in the Apache release they bundled in iAS 1.0.2.2 I would be curious to learn what you find out. Regards, Patrice Boivin Systems Analyst (Oracle Certified DBA) Systems Admin & Operations | Admin. et Exploit. des systèmes Technology Services | Services technologiques Informatics Branch | Direction de l'informatique Maritimes Region, DFO | Région des Maritimes, MPO E-Mail: boivinp@mar.dfo-mpo.gc.ca -----Original Message----- Sent: Tuesday, February 25, 2003 6:50 AM To: Multiple recipients of list ORACLE-L hello to everybody recently a security breach was detected with OpenSSL - the password of a user could be decoded within hours, the bank account was robbed - but just for testing purposes - has anyone ever heard about a similar problem regarding to oracle ssl. we use it and i couldn't find a patch for this particular problem if there is any with oracle's ssl. kind regards Apologies for any typing mistakes I failed to notice. Markus Reger Oracle Applications DBA Webmaster MBC University for Music and Performing Art Vienna -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Markus Reger INET: reger@mdw.ac.at Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru@fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Boivin, Patrice J INET: BoivinP@mar.dfo-mpo.gc.ca Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru@fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).