Alert GCSA-08072 - Oracle Critical Patch Update (July 2008)
******************************************************************
Alert ID : GCSA-08072
Date : 17 July 2008
Title : Oracle Critical Patch Update (July 2008)
******************************************************************
:: Problem description
Oracle has released the July 2008 Critical Patch Update.
This update is a collection of patches that addresses
45 security flaws in various Oracle products.
:: Affected software
Oracle Database 11g, version 11.1.0.6
Oracle Database 10g Release 2, versions 10.2.0.2, 10.2.0.3, 10.2.0.4
Oracle Database 10g, version 10.1.0.5
Oracle Database 9i Release 2, versions 9.2.0.8, 9.2.0.8DV
Oracle TimesTen In-Memory Database version 7.0.3.0.0
Oracle Application Server 10g Release 3 (10.1.3), versions 10.1.3.1.0, 10.1.3.3.0
Oracle Application Server 10g Release 2 (10.1.2), versions 10.1.2.2.0, 10.1.2.3.0
Oracle Application Server 10g (9.0.4), version 9.0.4.3
Oracle Hyperion BI Plus version 9.2.0.3, 9.2.1.0, and 9.3.1.0
Oracle Hyperion Performance Suite version 8.3.2.4, and 8.5.0.3
Oracle E-Business Suite Release 12, version 12.0.4
Oracle E-Business Suite Release 11i, version 11.5.10.2
Oracle Enterprise Manager Database Control 11i version 11.1.0.6
Oracle Enterprise Manager Database Control 10g Release 2, versions 10.2.0.2, 10.2.0.3, 10.2.0.4
Oracle Enterprise Manager Database Control 10g Release 1, version 10.1.0.5
Oracle Enterprise Manager Grid Control 10g Release 1, versions 10.1.0.5, 10.1.0.6
Oracle PeopleSoft Enterprise PeopleTools versions 8.48.17, 8.49.11
Oracle PeopleSoft Enterprise CRM version 8.9, 9.0
Oracle WebLogic Server (formerly BEA WebLogic Server) 10.0 released through MP1
Oracle WebLogic Server (formerly BEA WebLogic Server) 9.0, 9.1, 9.2 released through MP3
Oracle WebLogic Server (formerly BEA WebLogic Server) 8.1 released through SP6
Oracle WebLogic Server (formerly BEA WebLogic Server) 7.0 released through SP7
Oracle WebLogic Server (formerly BEA WebLogic Server) 6.1 released through SP7
:: Impact
Security Bypass
Exposure of sensitive information
Privilege escalation
DoS
System access
The impact of the vulnerabilities varies depending on the configuration
of the system, product or component considered.
:: Solutions
Apply the appropriate patches or perform the appropriate
upgrade following the instructions released by Oracle:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2008.html
:: References
Oracle Critical Patch Updates and Security Alerts
http://www.oracle.com/technology/deploy/security/alerts.htm
SecurityFocus
http://www.securityfocus.com/bid/30177
FrSirt
http://www.frsirt.com/english/advisories/2008/2109
Secunia
http://secunia.com/advisories/31087/
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2607
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2613
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2592
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2604
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2591
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2600
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2602
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2605
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2611
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2608
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2603
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2599
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2589
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2594
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2609
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2595
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2612
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2614
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2583
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2596
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2586
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2606
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2610
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2615
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2622
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2616
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2617
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2618
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2620
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2621
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2579
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2581
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2582
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2577
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2578
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2576
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2580