Sun Microsystems, Inc.  Oracle System Handbook - ISO 7.0 May 2018 Internal/Partner Edition

Asset ID: 1-79-1666850.1
Update Date: 2018-04-25
Keywords:

Solution Type  Predictive Self-Healing Sure

Solution  1666850.1 :   Pillar Axiom: Is AxiomONE or Maxrep software affected by OpenSSL Bug Heartbleed / CVE-2014-0160  


Related Items
  • Pillar Axiom 300 Storage System
  • Pillar Axiom Replication Engine (MaxRep)
  • Pillar Axiom 500 Storage System
  • Pillar Axiom 600 Storage System
Related Categories
  • PLA-Support>Sun Systems>DISK>Axiom>SN-DK: Ax600




In this Document
Purpose
Scope
Details


Applies to:

Pillar Axiom 500 Storage System - Version All Versions to All Versions [Release All Releases]
Pillar Axiom 600 Storage System - Version All Versions to All Versions [Release All Releases]
Pillar Axiom 300 Storage System - Version All Versions to All Versions [Release All Releases]
Pillar Axiom Replication Engine (MaxRep) - Version 2.0 to 3.0 [Release 2.0 to 3.0]
Information in this document applies to any platform.

Purpose

This document answers whether Pillar Axiom AxiomONE or MaxRep software is affected by the OpenSSL Heartbleed bug, CVE-2014-0160.

Scope

 

Details

From http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html:

In April 2014, a vulnerability affecting certain versions of the OpenSSL cryptographic software library was publicly disclosed. For the purpose of this Note, this vulnerability will be referred to by its CVE number: CVE-2014-0160. For more information about this vulnerability, see http://heartbleed.com/ (note that this site is not affiliated with Oracle).

The bug was introduced on the 14th of March 2012 with the release of OpenSSL 1.0.1. The fix was released on the 7th of April 2014 with version 1.0.1g.

Summary:

  • OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable to CVE-2014-0160
  • OpenSSL 1.0.1g is NOT vulnerable to CVE-2014-0160
  • OpenSSL 1.0.0 branch is NOT vulnerable to CVE-2014-0160
  • OpenSSL 0.9.8 branch is NOT vulnerable to CVE-2014-0160
  • OpenSSL 0.9.7 branch is NOT vulnerable to CVE-2014-0160

No AxiomONE or MaxRep version is affected by the OpenSSL bug.

 

Internal Only

The versions of OpenSSL are kept internal for security purposes.

 

AxiomONE

Branch               OpenSSL version
04.05.xx - 04.06.xx  OpenSSL 0.9.8a 11 Oct 2005
05.03.xx - 05.04.xx  OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
06.01.00-010800      OpenSSL 1.0.0-fips 29 Mar 2010

MaxRep

Branch     OpenSSL version
MaxRep R2  OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
MaxRep R3  OpenSSL 1.0.0-20
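
The check behind the statement above can be reproduced by parsing each listed version string and applying the Summary rules. The following is an added example, not Oracle's code; the function names `classify` and `audit` are assumptions made for illustration.

```python
import re

# Upstream version: major.minor.fix plus an optional patch letter, e.g. "1.0.1f".
# Whatever follows (-fips, -rhel5, a package release, a build date) is ignored.
_VERSION_RE = re.compile(r"(?:OpenSSL\s+)?(\d+)\.(\d+)\.(\d+)([a-z]?)", re.IGNORECASE)

# Branches the Summary lists as not affected, whatever the patch letter.
_UNAFFECTED_BRANCHES = {(0, 9, 7), (0, 9, 8), (1, 0, 0)}

# Version strings copied from the AxiomONE and MaxRep tables above.
LISTED = {
    "AxiomONE 04.05.xx - 04.06.xx": "OpenSSL 0.9.8a 11 Oct 2005",
    "AxiomONE 05.03.xx - 05.04.xx": "OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008",
    "AxiomONE 06.01.00-010800": "OpenSSL 1.0.0-fips 29 Mar 2010",
    "MaxRep R2": "OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008",
    "MaxRep R3": "OpenSSL 1.0.0-20",
}


def classify(version_string):
    """Return 'vulnerable', 'not vulnerable' or 'unknown' for CVE-2014-0160."""
    m = _VERSION_RE.search(version_string)
    if not m:
        return "unknown"
    branch = tuple(int(g) for g in m.group(1, 2, 3))
    letter = m.group(4).lower()
    if branch in _UNAFFECTED_BRANCHES:
        return "not vulnerable"
    if branch == (1, 0, 1):
        # 1.0.1 (no letter) through 1.0.1f are affected; the fix shipped in 1.0.1g.
        return "vulnerable" if letter < "g" else "not vulnerable"
    return "unknown"  # branch not covered by the Summary


def audit(listed=LISTED):
    """Map each product branch to its verdict."""
    return {name: classify(version) for name, version in listed.items()}


if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{name:32} {verdict}")
```

A "vulnerable" verdict on a distribution package is a prompt to check the vendor's advisory, because vendors can backport the fix without changing the upstream version string.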

 

 


Attachments
This solution has no attachment
  Copyright © 2018 Oracle, Inc.  All rights reserved.