JR52138: ARE DATADIRECT ODBC DRIVERS AFFECTED BY THE SSLV3 POODLE VULNERABILITY?

IBM InfoSphere Information Server, Version 11.3.1.2 (Fix Pack 2)

APAR status

• Closed as Vendor Solution.

Error description

• Progress DataDirect has reviewed Connect ODBC product and
  identified the following drivers impacted:
  Oracle Wire Protocol ODBC drivers
  Oracle Client ODBC driver
  SQL Server Wire Protocol ODBC drivers
  SQL Server Legacy ODBC driver
  DB2 ODBC drivers
  PostgreSQL ODBC drivers
  MySQL ODBC drivers
  Greenplum ODBC drivers
  Sybase ODBC drivers
  Teradata Client ODBC driver
  OpenEdge ODBC drivers
  Amazon Redshift ODBC drivers
  Salesforce ODBC drivers
  

Local fix

• The Connect for Oracle Wire Protocol ODBC driver version 6.1 and
  higher can be configured to disable SSLv3 and avoid the POODLE
  vulnerability by setting the connect option EncryptionMethod=5.
  
  The SQL Server Legacy ODBC driver and client-based Connect ODBC
  drivers (Oracle Client, Informix Client, and Teradata Client)
  rely on the vendor-specific client libraries for SSL. Please
  consult the vendor-specific client library documentation for
  possible mitigation steps to avoid the POODLE vulnerability.
  

Problem summary

Problem conclusion

Temporary fix

Comments

• http://www-01.ibm.com/support/docview.wss?uid=swg21693199
  http://www-01.ibm.com/support/docview.wss?uid=swg21693662
  QA'ed hotfix numbers :
  
  SQL Server 07.14.0197 (B0190, U0135)
  PostgreSQL 07.14.0165 (B0190, U0135)
  Greenplum 07.14.0166 9B0190, U0135)
  MySQL 07.14.0127 (B0189, U0134)
  Sybase 07.14.0143 (B0189, U0134)
  Oracle 07.14.0194 (B0189, U0134)
  OpenEdge 07.14.0136 (B0197, U0139)
  DB2 07.14.0191 (B0202, U0140)
  

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

Fix information

Applicable component levels