Oracle HSM (SAM-QFS): Protect Against SSL Poodle Vulnerability, CVE-2014-3566 (Doc ID 1959855.1)

Last updated on APRIL 17, 2017

Applies to:

Oracle Hierarchical Storage Manager (HSM) and StorageTek QFS Software - Version 5.3 and later
Information in this document applies to any platform.

Goal

A security vulnerability affecting SSL v3.0 was recently publicly disclosed (Padding Oracle On Downgraded Legacy Encryption, or Poodle). The vulnerability is the result of a design flaw in SSL v3.0 and has received the identifier CVE-2014-3566.

To protect against this vulnerability, upgrade SAM-QFS to bring OpenSSL from OpenSSL 0.9.8za (Poodle susceptible) to the OpenSSL 0.9.8zc level.

Note: If the SAM-QFS GUI was not installed (the GUI is installed with the 'fsmgr_setup' script, which installs the SUNWfsmgrr and SUNWfsmgru packages), then Engineering feels there is no risk at all of hitting this security issue.
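
The two checks described above (are the GUI packages present, and is the OpenSSL level below 0.9.8zc), as an added example that is not Oracle's code. It assumes an SVR4 host where pkginfo is available and that the operator supplies the OpenSSL version string; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Oracle code. The target level is the one named in this document.
TARGET_BASE="0.9.8"
TARGET_SUFFIX="zc"

# classify_openssl "<output of 'openssl version', or a bare version string>"
# Prints one of: below-target | meets-target | other-branch
classify_openssl() {
    ver=$(printf '%s\n' "$1" | awk '{ v = ($1 == "OpenSSL") ? $2 : $1; print v }')
    base=$(printf '%s\n' "$ver" | sed 's/[a-z]*$//')
    suffix=$(printf '%s\n' "$ver" | sed 's/^[0-9.]*//')
    if [ "$base" != "$TARGET_BASE" ]; then
        echo "other-branch"; return 0   # this document only covers the 0.9.8 line
    fi
    # 0.9.8 letter releases run a..z, then za, zb, ...: a shorter suffix is
    # older; equal-length suffixes compare in plain byte order.
    if [ "${#suffix}" -lt "${#TARGET_SUFFIX}" ]; then
        echo "below-target"; return 0
    fi
    if [ "${#suffix}" -gt "${#TARGET_SUFFIX}" ]; then
        echo "meets-target"; return 0
    fi
    lowest=$(printf '%s\n%s\n' "$suffix" "$TARGET_SUFFIX" | LC_ALL=C sort | head -n 1)
    if [ "$lowest" = "$TARGET_SUFFIX" ]; then
        echo "meets-target"
    else
        echo "below-target"
    fi
}

# Exit 0 if either GUI package is installed, 1 if neither is, 2 if pkginfo
# (SVR4 packaging, an assumption of this example) is not on this host.
gui_packages_present() {
    command -v pkginfo >/dev/null 2>&1 || return 2
    for p in SUNWfsmgrr SUNWfsmgru; do
        pkginfo -q "$p" && return 0
    done
    return 1
}

# Optional direct use: sh check.sh "OpenSSL 0.9.8za 5 Jun 2014"
if [ $# -gt 0 ]; then classify_openssl "$*"; fi
```

A host where gui_packages_present returns 0 and the OpenSSL level classifies as below-target is the case this document asks to upgrade.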

 

Solution
