Oracle PCA Release 1.1.3 is a maintenance release. This section describes functional changes, improvements and bug fixes compared to the previous release.
Release 1.1.3 is an errata release that eliminates the OpenSSL security issue CVE-2014-0160 – commonly known as the 'heartbleed bug'. This release of the Oracle PCA software contains an upgraded OpenSSL package that is not affected by the vulnerability in question.
Oracle has published an article on Oracle Technology Network to document the current status of its products with respect to OpenSSL security: http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html
The following table lists bugs that have been fixed in Oracle PCA Release 1.1.3.
Table 2.3 List of Fixed Bugs
Bug ID |
Description |
---|---|
18553479 |
“OpenSSL 'Heartbleed' Vulnerability Affects Management Nodes” The patched version of OpenSSL is included in the errata Release 1.1.3 of the Oracle PCA software stack. An upgrade to Release 1.1.3 eliminates the 'heartbleed' vulnerability. |
18545030 |
“OpenSSL upgrade required in Oracle PCA code base” All builds of the Oracle PCA software Release 1.1.3 and later include a version of the OpenSSL package that is not compromised by the 'heartbleed' vulnerability. |