
Rocket Business Connect

Rocket UniVerse, Rocket UniData, Rocket U2 Clients and APIs Patch - OpenSSL Version 1.0.1m

Description of the problem

On Tuesday, March 3, 2015, an OpenSSL vulnerability referred to as FREAK was announced. The vulnerability centers on the exposure of weak export ciphers, which can allow a determined attacker to mount a man-in-the-middle attack.

On Thursday, March 19, 2015, OpenSSL released further updates addressing multiple vulnerabilities, one or more of which are classified as high severity. Exploitation could allow a remote attacker to cause a denial of service against the server.

This issue may affect customers on:

Rocket UniData 7.3.7 or 8.1.0, Rocket U2 ODBC, and 64-bit U2 ODBC clients released from NOV2012 or later, as they were built using the OpenSSL 1.0.1 release libraries. All earlier versions of UniData are also affected, as they use the 0.9.7 release of OpenSSL libraries that cannot be patched. Users of UniData prior to version 7.3.7 are advised to upgrade as soon as possible. More information and related .zip files are available on the Rocket Customer Portal. For UniData and U2 Clients and APIs, see Tech notes UDT-14038 and UCC-3222. Contact your Rocket product support provider for the .zip files if you do not have access to the Rocket Customer Portal. UniData versions released after April 15, 2015 will include OpenSSL 1.0.1m or later.

Rocket UniVerse versions 11.2.0 - 11.2.4, Rocket U2 ODBC, and 64-bit UV ODBC clients released from NOV2012 or later, as they were built using the OpenSSL 1.0.1 release libraries. All earlier versions of UniVerse are also affected, as they use the 0.9.7 release of OpenSSL libraries that cannot be patched. Users of UniVerse prior to version 11.2.0 are advised to upgrade as soon as possible. More information and related .zip files are available on the Rocket Customer Portal. For UniVerse and U2 Clients and APIs, see Tech notes UNV-21429 and UCC-3222. Contact your Rocket product support provider for the .zip files if you do not have access to the Rocket Customer Portal. UniVerse versions released after April 15, 2015 will include OpenSSL 1.0.1m or later.

Included in this patch

The OS-type101m.zip file for this patch contains the following:

These OS-type101m.zip files are available in the "Solutions Search" of the Rocket Customer Portal (RCP). Access to the portal is provided to Rocket U2 Business Partners and Customers who receive direct support from Rocket Software. If your Rocket U2 product support is provided by a Rocket Business Partner, contact the Partner to obtain the fix.

Search the RCP for the following Solutions to obtain the OS-type101m.zip files

For more information about FREAK and the other vulnerabilities, visit:

https://www.smacktls.com/

https://freakattack.com/

http://nmap.org

http://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html

http://www.openssl.org
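
An added example (not Rocket's code): a Python check that reads the text output of the nmap `ssl-enum-ciphers` script linked above and lists any export-grade cipher suites a listener still offers, which is the weakness FREAK relies on. The sample scan output, host name, address and port are constructed for illustration.

```python
import re

# Constructed sample of `nmap --script ssl-enum-ciphers -p 443 <host>` output.
# Host, address, port and cipher list are made up for illustration.
SAMPLE = """\
Nmap scan report for server.example (192.0.2.10)
PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   SSLv3:
|     ciphers:
|       TLS_RSA_EXPORT_WITH_RC4_40_MD5 (rsa 512) - E
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_EXPORT_WITH_DES40_CBC_SHA (rsa 512) - E
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|_  least strength: E
"""

PORT_RE = re.compile(r"^(\d+)/tcp\s+open")
PROTO_RE = re.compile(r"^\|[ _]\s+((?:SSLv|TLSv)[\d.]+):")
CIPHER_RE = re.compile(r"^\|[ _]\s+((?:TLS|SSL)_\S+)")


def find_export_ciphers(nmap_output):
    """Return (port, protocol, cipher) for each export-grade suite offered."""
    findings, port, proto = [], None, None
    for line in nmap_output.splitlines():
        m = PORT_RE.match(line)
        if m:  # a new open port starts a new ssl-enum-ciphers section
            port, proto = int(m.group(1)), None
            continue
        m = PROTO_RE.match(line)
        if m:  # protocol header such as "TLSv1.0:"
            proto = m.group(1)
            continue
        m = CIPHER_RE.match(line)
        # Export-grade suites carry "_EXPORT" in their standard names.
        if m and "_EXPORT" in m.group(1):
            findings.append((port, proto, m.group(1)))
    return findings


if __name__ == "__main__":
    hits = find_export_ciphers(SAMPLE)
    for port, proto, cipher in hits:
        print(f"port {port} {proto}: export cipher offered: {cipher}")
    print("export ciphers offered" if hits else "no export ciphers offered")
```

Run it against a scan taken before and after applying the patch; an empty result after patching means the listener no longer offers export suites.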