Exadata and the OpenSSL/”HeartBleed” Exploit

Oracle have published MOS 1645479.1 which describes the impact of the OpenSSL/”HeartBleed” exploit on their products.

It appears that the individual components of Exadata – with the exception of OEM Cloud/Grid Control – are NOT impacted by the OpenSSL/HeartBleed bug.

Obviously, this depends on your software stack, so I urge you to read 1645479.1 as soon as possible.

Exadata-related products which, while using OpenSSL, were never vulnerable:

  • Audit Vault
  • Exadata (prod 2546)
  • Exalogic
  • ILOM 3.2.2 and earlier
  • NM2 IB switches
  • NM2-36P InfiniBand switches
  • Oracle Linux 5 (watch out for EL 6 – this IS vulnerable, but has a fix!)
  • Oracle Secure Backup 10.2 and 10.3
  • Oracle ZFS Storage Appliance
  • Sun System Firmware

Exadata-related products which are likely vulnerable but have no fixes yet available:

  • EM Cloud Control
  • EM Grid Control

Exadata-related products which do NOT include OpenSSL:

  • Database
  • JavaVM
  • Linux 5
Advertisements
Tagged , , , ,

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: