Bug 44330

Critical

GemStone/S 64 Bit

3.2, 3.1.0.6, 3.1.0.5, 3.1.0.4, 3.1.0.3, 3.1.0.2, 3.1.0.1, 3.1, 3.0.1, 3.0

3.2.1

OpenSSL security advisory for 1.0.1g on June 5, 2014

The OpenSSL cryptographic library, used by GemStone for RPC session logins (client-to-gem connections), has a security advisory for version 1.0.1g and earlier.

More information can be found at https://www.openssl.org/news/secadv/20140605.txt

Workaround

This bug has been fixed in OpenSSL version 1.0.1h, and this is included in GemStone/S 64 Bit version 3.2.1.  We recommend all customers upgrade to version 3.2.1 or later.

GemStone uses OpenSSL as a shared library which can be replaced with minimal disruption; if you believe this bug is a significant risk, contact GemTalk Technical support for the GemTalk OpenSSL libraries for your platform.


Last updated: 8/31/15