2.1 Changes and Improvements in Release 1.1.3

Oracle Virtual Compute Appliance Release 1.1.3 is a maintenance release. This section describes functional changes, improvements and bug fixes compared to the previous release.

OpenSSL Security Upgrade

Release 1.1.3 is an errata release that eliminates the OpenSSL security issue CVE-2014-0160 – commonly known as the 'heartbleed bug'. This release of the Oracle Virtual Compute Appliance software contains an upgraded OpenSSL package that is not affected by the vulnerability in question.

Oracle has published an article on Oracle Technology Network to document the current status of its products with respect to OpenSSL security: http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html

Bugs Fixed in Release 1.1.3

The following table lists bugs that have been fixed in Oracle Virtual Compute Appliance Release 1.1.3.

Table 2.1 List of Fixed Bugs

| Bug ID | Description |
|---|---|
| 18553479 | OpenSSL 'Heartbleed' Vulnerability Affects Management Nodes. The patched version of OpenSSL is included in the errata Release 1.1.3 of the Oracle Virtual Compute Appliance software stack. An upgrade to Release 1.1.3 eliminates the 'heartbleed' vulnerability. |
| 18545030 | OpenSSL upgrade required in Oracle Virtual Compute Appliance code base. All builds of the Oracle Virtual Compute Appliance software Release 1.1.3 and later include a version of the OpenSSL package that is not compromised by the 'heartbleed' vulnerability. |