Security Issue in ArcGIS Server

05-14-2018 10:59 AM
ElizabethDonahue
New Contributor III

I received an email from ESRI regarding a security issue in ArcGIS Server. We are currently using Server 10.1 SP1. Is our version affected by this issue?

0 Kudos
15 Replies
AdrianWelsh
MVP Honored Contributor

Elizabeth,

From looking at the tech support article:

Problem: Warning of security vulnerability in ArcGIS Server 

And bug listing:

BUG-000113291: There is an improper access control issue in ArcGIS .. 

It looks like all versions of Server were affected. But, there are only patches available for 10.2.1 and upward, unfortunately.

0 Kudos
MichaelVolz
Esteemed Contributor

I believe SDE software is bundled with ArcGIS Server.  As such, does this mean that this patch would need to be applied to SDE databases as well as ArcGIS Server servers?

I downloaded the msp file and it is only 44 KB whereas the Oracle Critical patch msp file was 10,120 KB.  Is this security patch really only 44 KB (I'm just wondering if the download did not run completely)?

0 Kudos
George_Thompson
Esri Frequent Contributor

I do not think that this patch requires an Enterprise Geodatabase upgrade and from the description of the issue it is a server based issue, not geodatabase.

Update: I think that if there is an EGDB upgrade required that there will be a patch for the Desktop client also. Just my thought.

I downloaded the 10.6 version of the patch and it was 108kb.

--- George T.
0 Kudos
MichaelVolz
Esteemed Contributor

I get the following warning when I perform the download

So I'm wondering if my antivirus software or group policy exceptions list is preventing the full patch download.  Is anyone else seeing this warning and getting a very small file size for the downloaded patch?

0 Kudos
George_Thompson
Esri Frequent Contributor

I got the same message in Chrome, then hit the "Keep" button. 

--- George T.
0 Kudos
DavidCordes
New Contributor III

The patch is about 44 kb.  It is small.  If at any point you want to make sure you have the real and complete files, you can download a tool called md5sum.  You can run this tool at the command line, for example,

md5sum c:\users\david-or-whatever-your-account-is-called\downloads\ArcGIS-106-S-IACS-Patch.msp

This will then provide a value and you can compare it to the md5 value posted on the patch page.  For instance for the Windows 10.6 version of this patch, the checksum is 8B246B657A6015CC19D66382D6720BEE.  This way you can be sure you have the patch we posted.
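
The same check can be run with PowerShell's built-in Get-FileHash, without downloading a separate tool. This is an added example, not part of the original post; the download folder is an assumption, and the file name and checksum are the ones quoted above.

```powershell
# Added example: compare a downloaded patch with the MD5 value published on the patch page.
function Test-PatchChecksum {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedMd5
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # Remove whitespace and separators picked up when copying from the web page,
    # then insist on exactly 32 hex digits so a truncated paste is not accepted.
    $expected = ($ExpectedMd5 -replace '[\s:\-]', '').ToUpperInvariant()
    if ($expected -notmatch '^[0-9A-F]{32}$') {
        throw "Expected value is not a 32-hex-digit MD5: '$ExpectedMd5'"
    }

    $file   = Get-Item -LiteralPath $Path
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash.ToUpperInvariant()

    # Report the size as well: a partial download shows up here and as a mismatch.
    [pscustomobject]@{
        File     = $file.FullName
        Bytes    = $file.Length
        Expected = $expected
        Actual   = $actual
        Match    = ($actual -eq $expected)
    }
}

# Assumed download location; adjust to where the browser saved the file.
$patch  = Join-Path $env:USERPROFILE 'Downloads\ArcGIS-106-S-IACS-Patch.msp'
$result = Test-PatchChecksum -Path $patch -ExpectedMd5 '8B246B657A6015CC19D66382D6720BEE'
$result | Format-List

if (-not $result.Match) {
    Write-Warning 'Checksum mismatch: do not install this file; download it again.'
}
```

A match shows the download is complete and identical to the file the checksum was published for; it is only as trustworthy as the page the checksum was read from.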

George_Thompson
Esri Frequent Contributor

Hi Elizabeth - Unfortunately ArcGIS 10.1 has been retired, as of January 1, 2018, and is no longer supported. This would be a main reason that a patch might not be available.

Update: To be clear, I am not sure if the issue also impacts previous versions of the ArcGIS Server (pre-10.2.1) for which there are patches available. Regardless, anything pre-10.2.x is now retired.

Retired: Esri Support 10.1 

What does Retired Status mean? http://downloads2.esri.com/support/TechArticles/Product-Life-Cycle.pdf 

Hope this helps. I would recommend you look into upgrading to a newer release in the near future in case you have a need to get support.

--- George T.
ThomasColson
MVP Frequent Contributor

Interestingly enough....

0 Kudos
JonathanQuinn
Esri Notable Contributor

It'd be ironic if there was an issue with the certificates for a site dedicated to security related problems, but it seems to work for me:

Perhaps your browser doesn't have the DigiCert certificates trusted? If you hit F12 on your keyboard, what's the reason it says it's untrusted?