SECURITY VULNERABILITY NOTIFICATION
On September 26, 2016, the OpenSSL organization announced the following security vulnerabilities in the OpenSSL library, https://www.openssl.org/news/secadv/20160926.txt
Fix Use After Free for large message sizes (CVE-2016-6309)
OpenSSL Severity: Critical
Impact: Only impacts OpenSSL 1.1.0 users. Our ODBC drivers are not impacted.
Missing CRL sanity check (CVE-2016-7052)
OpenSSL Severity: Moderate
Impact: This issue only affects OpenSSL 1.0.2i.
Our ODBC drivers are not impacted.
IMPACT ASSESSMENT
The Progress DataDirect ODBC on-premise drivers, SequeLink and OpenAccess products support OpenSSL 1.0.2h. Based on our assessment of these vulnerabilities, those products are not affected by the vulnerabilities listed above, and will not be updated with the latest version of the OpenSSL library.