{"id":1682,"date":"2014-04-16T12:30:31","date_gmt":"2014-04-16T10:30:31","guid":{"rendered":"http:\/\/www.oradba.ch\/?p=1682"},"modified":"2014-04-16T14:17:25","modified_gmt":"2014-04-16T12:17:25","slug":"update-oracle-and-openssl-heartbleed-vulnerability","status":"publish","type":"post","link":"https:\/\/www.oradba.ch\/wordpress\/2014\/04\/update-oracle-and-openssl-heartbleed-vulnerability\/","title":{"rendered":"Update: Oracle and OpenSSL &#8216;Heartbleed&#8217; vulnerability"},"content":{"rendered":"<p>While writing a post about the <a href=\"https:\/\/www.oradba.ch\/wordpress\/2014\/04\/oracle-released-cpu-psu-april-2013\/\">new Critical Patch Advisory<\/a> I&#8217;ve discovered, that Oracle made the Information about the OpenSSL Vulnerability publicly available. The information in MOS Note <a href=\"https:\/\/support.oracle.com\/epmos\/faces\/DocumentDisplay?id=1645479.1\" target=\"_blank\">1645479.1<\/a> has been moved to <a href=\"http:\/\/www.oracle.com\/technetwork\/topics\/security\/opensslheartbleedcve-2014-0160-2188454.html\" target=\"_blank\">OpenSSL Security Bug &#8211; Heartbleed CVE-2014-0160<\/a>.<\/p>\n<p>Until now it looks like that Oracle Databases are not affected since they do not use OpenSSL. On the other hand products like Oracle Wallet Manager and EM Base Platform are still under investigation. We&#8217;ll know more once Oracle has completed its investigations.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>While writing a post about the new Critical Patch Advisory I&#8217;ve discovered, that Oracle made the Information about the OpenSSL Vulnerability publicly available. The information in MOS Note 1645479.1 has been moved to OpenSSL Security Bug &#8211; Heartbleed CVE-2014-0160. Until now it looks like that Oracle Databases are not affected since they do not use [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"Update: Oracle and OpenSSL 'Heartbleed' vulnerability http:\/\/wp.me\/p1aErb-r8 #trivadis","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[8,83,85,11],"tags":[111],"class_list":["post-1682","post","type-post","status-publish","format-standard","hentry","category-11gr2","category-12cr1","category-audit-vault-and-database-firewall","category-security","tag-tvdsecexpert"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p1aErb-r8","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":1673,"url":"https:\/\/www.oradba.ch\/wordpress\/2014\/04\/oracle-and-openssl-heartbleed-vulnerability\/","url_meta":{"origin":1682,"position":0},"title":"Oracle and OpenSSL &#8216;Heartbleed&#8217; vulnerability","author":"Stefan","date":"13. April 2014","format":false,"excerpt":"Earlier this week the OpenSSL Project as well US-CERT informed about a Security Vulnerability in OpenSSL. See OpenSSL Security Advisory or US-CERT Alert (TA14-098A) The vulnerability may affect Oracle Products as well, since some of them do use OpenSSL. So far Oracle did not provide dedicate information on it's public\u2026","rel":"","context":"In &quot;12cR1&quot;","block_context":{"text":"12cR1","link":"https:\/\/www.oradba.ch\/wordpress\/category\/oracle-database\/12cr1\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1680,"url":"https:\/\/www.oradba.ch\/wordpress\/2014\/04\/oracle-released-cpu-psu-april-2013\/","url_meta":{"origin":1682,"position":1},"title":"Oracle released CPU \/ PSU April 2014","author":"Stefan","date":"16. April 2014","format":false,"excerpt":"As announced last week in my post Oracle CPU \/ PSU Pre-Release Announcement April 2014, Oracle has now released the Critical Patch Updates for April 2014. Overall this CPU contains 104 new security fixes across several Oracle products like Database Server, MySQL Server, Sun Product Suite, WebLogic Server etc. For\u2026","rel":"","context":"In &quot;11gR1&quot;","block_context":{"text":"11gR1","link":"https:\/\/www.oradba.ch\/wordpress\/category\/oracle-database\/11gr1\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":13925,"url":"https:\/\/www.oradba.ch\/wordpress\/2023\/09\/oracle-sqlnet-tls-configuration-simplified\/","url_meta":{"origin":1682,"position":2},"title":"Oracle SQLNet TLS configuration simplified","author":"Stefan","date":"12. September 2023","format":false,"excerpt":"Most security measures for Oracle databases are usually aimed at protecting and hardening the database itself. This includes secure configuration, implementation of the least privilege principle, reduction of the attack surface, encryption at REST, database audit and much more. Sometimes, however, it is forgotten that the database also communicates with\u2026","rel":"","context":"In &quot;Howto&quot;","block_context":{"text":"Howto","link":"https:\/\/www.oradba.ch\/wordpress\/category\/howto\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/ca_list.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":1671,"url":"https:\/\/www.oradba.ch\/wordpress\/2014\/04\/oracle-cpu-psu-pre-release-announcement-april-2014\/","url_meta":{"origin":1682,"position":3},"title":"Oracle CPU \/ PSU Pre-Release Announcement April 2014","author":"Stefan","date":"11. April 2014","format":false,"excerpt":"Today Oracle has published the Pre-Release Announcement of the CPU Advisory for April 2014. This Critical Patch Update contains 103 new security vulnerability fixes for several Oracle products. There are only a few days since the publication of the vulnerability CVE-2014-0160 known as \"Heartbleed\". Therefore I assume, that this patch\u2026","rel":"","context":"In &quot;11gR1&quot;","block_context":{"text":"11gR1","link":"https:\/\/www.oradba.ch\/wordpress\/category\/oracle-database\/11gr1\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":16030,"url":"https:\/\/www.oradba.ch\/wordpress\/2024\/09\/building-oracle-23ai-free-on-arm64\/","url_meta":{"origin":1682,"position":4},"title":"Building Oracle 23ai Free on ARM64","author":"Stefan","date":"18. September 2024","format":false,"excerpt":"Earlier this week, Oracle quietly released the RPM packages for Oracle 23ai Free Edition for ARM64 systems. This release is very interesting for developers using Macs with ARM processors as it allows them to create Oracle 23ai containers for their development and engineering environments. In this blog post, I'll walk\u2026","rel":"","context":"In &quot;23ai&quot;","block_context":{"text":"23ai","link":"https:\/\/www.oradba.ch\/wordpress\/category\/oracle-database\/23ai\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/Ora23aiFreeDocker.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/Ora23aiFreeDocker.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/Ora23aiFreeDocker.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/Ora23aiFreeDocker.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/Ora23aiFreeDocker.png?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/Ora23aiFreeDocker.png?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":860,"url":"https:\/\/www.oradba.ch\/wordpress\/2012\/05\/oracle-tns-poison-vulnerability\/","url_meta":{"origin":1682,"position":5},"title":"Oracle TNS Poison vulnerability","author":"Stefan","date":"15. May 2012","format":false,"excerpt":"A few days after the last critical patch update Oracle had to post security alert for CVE-2012-1675. The issue also known as \"TNS Listener Poison Attack\" is affecting any Oracle Database Server. As a personal reference I have summarized the most important information about this topic.","rel":"","context":"In &quot;Oracle Database&quot;","block_context":{"text":"Oracle Database","link":"https:\/\/www.oradba.ch\/wordpress\/category\/oracle-database\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/posts\/1682","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/comments?post=1682"}],"version-history":[{"count":2,"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/posts\/1682\/revisions"}],"predecessor-version":[{"id":1687,"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/posts\/1682\/revisions\/1687"}],"wp:attachment":[{"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/media?parent=1682"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/categories?post=1682"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/tags?post=1682"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}