IBM Support

JR50611: OPENSSL ISSUED A VULNERABILITY ADVISORY ON 05 JUN 2014. DO THE ICONNECT FOR ODBC DRIVERS HAVE VULNERABILITY TO ANY OF THE ITEMS

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as Vendor Solution.

Error description

  • All Connect for ODBC drivers and versions that support SSL are
    affected by the SSL/TLS MITM vulnerability (CVE-2014-0224).
    This will be resolved in an update to the drivers to use version
    1.0.0m of OpenSSL.
    

Local fix

Problem summary

Problem conclusion

Temporary fix

Comments

  • Install DataDirect DD 7.1.4 drivers.
    Fixed in Connect for ODBC hot fix 07.01.0044, 7.14.0053
    

APAR Information

  • APAR number

    JR50611

  • Reported component name

    WIS DATASTAGE

  • Reported component ID

    5724Q36DS

  • Reported release

    910

  • Status

    CLOSED ISV

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2014-06-27

  • Closed date

    2014-08-26

  • Last modified date

    2014-08-26

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

Applicable component levels

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSVSEF","label":"IBM InfoSphere DataStage"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"9.1","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Document Information

Modified date:
26 August 2014