2.12 Changes and Improvements in Release 1.1.3

Oracle PCA Release 1.1.3 is a maintenance release. This section describes functional changes, improvements and bug fixes compared to the previous release.

OpenSSL Security Upgrade

Release 1.1.3 is an errata release that eliminates the OpenSSL security issue CVE-2014-0160 – commonly known as the 'heartbleed bug'. This release of the Oracle PCA software contains an upgraded OpenSSL package that is not affected by the vulnerability in question.

Oracle has published an article on Oracle Technology Network to document the current status of its products with respect to OpenSSL security: https://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html

Bugs Fixed in Release 1.1.3

The following table lists bugs that have been fixed in Oracle PCA Release 1.1.3.

Table 2.10 List of Fixed Bugs

Bug ID



OpenSSL 'Heartbleed' Vulnerability Affects Management Nodes

The patched version of OpenSSL is included in the errata Release 1.1.3 of the Oracle PCA software stack. An upgrade to Release 1.1.3 eliminates the 'heartbleed' vulnerability.


OpenSSL upgrade required in Oracle PCA code base

All builds of the Oracle PCA software Release 1.1.3 and later include a version of the OpenSSL package that is not compromised by the 'heartbleed' vulnerability.