My Oracle Support Banner

Oracle HSM (SAM-QFS): Protect Against SSL Poodle Vulnerability, CVE-2014-3566 (Doc ID 1959855.1)

Last updated on APRIL 17, 2017

Applies to:

Oracle Hierarchical Storage Manager (HSM) and StorageTek QFS Software - Version 5.3 and later
Information in this document applies to any platform.

Goal

A security vulnerability affecting SSL v3.0 was recently publicly disclosed (Padding Oracle On Downgraded Legacy Encryption, or Poodle.). This security vulnerability is the result of a design flaw in SSL v3.0. This vulnerability has received the identifier CVE-2014-3566.

To protect against this vulnerability, upgrade SAM-QFS, to bring open SSL from openSSL-0.9.8za (Poodle susceptible) to an openSSL-0.9.8zc level.

Note: If the SAM-QFS GUI, which used the 'fsmgr_setup' script to install the SUNWfsmgrr & SUNWfsmgru packages, was not installed, then Engineering feels there is no risk at all in hitting this security issue.

 

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
Solution
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.