Posted by Kashif Manzoor on 16th April 2014
Heartbleed leads to ‘heartattack’ 🙂 during earlier this week to all Internet users and companies due to the OpenSSL Security vulnerability. Thought to share Oracle’s take on different Oracle Products depend on OpenSSL, you can go through following docs:
OpenSSL Security Bug-Heartbleed (Doc ID 1645479.1)
And public link of the info provided by Oracle:
other information to refer
Update on 18-April-2014:
Oracle has issued Security Alert for OpenSSL Heartbleed vulnerability CVE-2014-0160 by describing as:
The Security Alert for OpenSSL Heartbleed vulnerability CVE-2014-0160 was released on April 18th, 2014. This Security Alert addresses CVE-2014-0160 (‘Heartbleed’), a security vulnerability which affects multiple OpenSSL versions implemented by various vendors in their products. This vulnerability also affects multiple Oracle products.
Due to the severity and the reported exploitation of CVE-2014-0160 “in the wild,” Oracle strongly recommends applying the patches as soon as possible.
The Security Alert for OpenSSL Heartbleed vulnerability CVE-2014-0160 is the starting point for relevant information. It includes links to other important documents that provide a list of affected products and the patch availability information.
Also, it is essential to review the Security Alert supporting documentation referenced in the Advisory before applying patches, as this is where you can find important information.
The Security Alert for OpenSSL Heartbleed vulnerability CVE-2014-0160 is available at the following location: Oracle Technology Network: http://www.oracle.com/technetwork/topics/security/alert-cve-2014-0160-2190703.html
All Oracle Critical Patch Updates and Security Alerts are available at the following location: Oracle Technology Network: http://www.oracle.com/technetwork/topics/security/alerts-086861.html