Rocket Software releases UniVerse 126.96.36.19940 patch
On April 7, 2014, an OpenSSL 1.0.1c vulnerability referred to as "Heartbleed" was announced. This
means some protected information on a system, such as customers' private key or user credentials,
may have been exposed to a malicious party or could even lead to a full compromise of SSL traffic.
This issue may affect customers on Rocket UniVerse 11.2.0, 11.2.1, and 11.2.2, Rocket U2 ODBC, and
64-bit UV ODBC clients released from NOV2012 onward, as they were built using the OpenSSL 1.0.1c
libraries. Previous versions of UniVerse are not affected because they use the 0.9.7 release of OpenSSL
libraries, which is not affected by this vulnerability.
UniVerse 11.2.3 is not exposed to the Heartbleed vulnerability as it incorporates an interim fix to the
OpenSSL 1.0.1c library, disabling the heartbeat flag as described in UNV-18620. Future versions of
UniVerse will include the OpenSSL 1.0.1g library.
Other fixes are also supplied to the SQL and Transaction Logging components.