domingo, 20 de abril de 2014

Security Alert for OpenSSL Heartbleed vulnerability CVE-2014-0160

April 18, 2014
Security Alert for OpenSSL Heartbleed vulnerability CVE-2014-0160

Dear Oracle Customer,

The Security Alert for OpenSSL Heartbleed vulnerability CVE-2014-0160 was released on April 18th, 2014. This Security Alert addresses CVE-2014-0160 ('Heartbleed'), a security vulnerability which affects multiple OpenSSL versions implemented by various vendors in their products. This vulnerability also affects multiple Oracle products.

Due to the severity and the reported exploitation of CVE-2014-0160 "in the wild," Oracle strongly recommends applying the patches as soon as possible.

The Security Alert for OpenSSL Heartbleed vulnerability CVE-2014-0160 is the starting point for relevant information. It includes links to other important documents that provide a list of affected products and the patch availability information.

Also, it is essential to review the Security Alert supporting documentation referenced in the Advisory before applying patches, as this is where you can find important information.

The Security Alert for OpenSSL Heartbleed vulnerability CVE-2014-0160 is available at the following location: Oracle Technology Network:
 
http://www.oracle.com/technetwork/topics/security/alert-cve-2014-0160-2190703.html

All Oracle Critical Patch Updates and Security Alerts are available at the following location: Oracle Technology Network:
http://www.oracle.com/technetwork/topics/security/alerts-086861.html