The OpenSSL cryptographic library, used by GemStone/S 64 Bit (version
3.0.0 and later only) for RPC session logins (client-to-gem
connections), has a critical security bug that potentially allows
private memory to be exposed to third parties.
There are two versions for most platforms, 32-bit and 64-bit. These
libraries replace the SSL libraries shipped in $GEMSTONE/lib and
$GEMSTONE/lib32 (%GEMSTONE%\bin on Windows). The libraries on the
download site are named for version 188.8.131.52; if you are patching an
older version of GemStone, rename them to match the existing SSL
libraries in $GEMSTONE/lib and $GEMSTONE/lib32.
We will publish a bug note with this information soon. No action is
necessary for versions of the 64-bit product prior to 3.0.0 or any
32-bit GemStone/S version; these versions do not use OpenSSL.
Please contact GemTalk customer support if you have any questions
about this patch.