Feeds

Oracle working on at least 13 Heartbleed fixes

Big Red's cloud is safe and Oracle Linux 6 has been patched, but Java has some issues

The essential guide to IT transformation

Oracle has emitted its formal advice about Heartbleed, revealing it has 13 products that need a patch and 14 more “which may be vulnerable”.

Detailed here, Oracle points out that all its cloud services should be Heartbleed-proof, and that six of its products – including Oracle Linux 6 and Solaris 11.2 – were vulnerable but can be patched with existing updates.

The news is not so good for the following products, as Oracle puts them in a bucket containing software that is “... likely vulnerable …. but for which no fixes are yet available.”

  1. BlueKai
  2. Java ME - JSRs and Optional Packages
  3. Java ME - Mobile and Wireless
  4. MySQL Connector/C
  5. MySQL Connector/ODBC
  6. MySQL Workbench
  7. Oracle Communication Application Session Controller
  8. Oracle Communication Session Monitor
  9. Oracle Communications Internet Name and Address Management
  10. Oracle Communications Interactive Session Recorder 5.1
  11. Oracle Communications Network
  12. Oracle Communications WebRTC Session Controller
  13. Primavera P6 Prof Project Management

Big Red also has another list of “products still under investigation, which may be vulnerable”. That list includes Oracle-branded fiber channel switches from Cisco and Qlogic, and the Sun Storage Common Array Manager.

Oracle has not, however, committed to a timetable to deliver patches. The post we've linked to says “Global Product Security will continue to follow up with the various product development teams within Oracle to monitor the creation of the appropriate fixes, determine whether additional products may be affected, and whether updated mitigation instructions are required.”

The post also says “ … future Patchsets and Critical Patch Updates for affected Oracle products may include the necessary patches to remove this vulnerability.”

That's a rather different approach to VMware's decision to get all the patches it needs to make done this week. Which do you prefer? ®

5 things you didn’t know about cloud backup

More from The Register

next story
Ice cream headache as black hat hacks sack Dairy Queen
I scream, you scream, we all scream 'DATA BREACH'!
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
KER-CHING! CryptoWall ransomware scam rakes in $1 MEEELLION
Anatomy of the net's most destructive ransomware threat
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
prev story

Whitepapers

Gartner critical capabilities for enterprise endpoint backup
Learn why inSync received the highest overall rating from Druva and is the top choice for the mobile workforce.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.