Alert GCSA-09004 - Oracle Critical Patch Update (January 2009)
**********************************************************************
Alert ID : GCSA-09004
Date : 19 January 2009
Title : Oracle Critical Patch Update (January 2009)
**********************************************************************
:: Problem description
Oracle has released the January 2009 Critical Patch Update.
This update is a collection of patches that address various
vulnerabilities present in several Oracle products.
:: Affected software
Oracle Database 11g, version 11.1.0.6
Oracle Database 10g Release 2, versions 10.2.0.2, 10.2.0.3, and
10.2.0.4
Oracle Database 10g, version 10.1.0.5
Oracle Database 9i Release 2, versions 9.2.0.8 and 9.2.0.8DV
Oracle Secure Backup, versions 10.1.0.1, 10.1.0.2, 10.1.0.3,
10.2.0.2, and 10.2.0.3
Oracle TimesTen In-Memory Database, versions 7.0.5.1.0, 7.0.5.2.0,
7.0.5.3.0, and 7.0.5.4.0
Oracle Application Server 10g Release 3 (10.1.3), version
10.1.3.3.0
Oracle Application Server 10g Release 2 (10.1.2), versions
10.1.2.2.0 and 10.1.2.3.0
Oracle Collaboration Suite 10g, version 10.1.2
Oracle E-Business Suite Release 12, version 12.0.6
Oracle E-Business Suite Release 11i, version 11.5.10.2
Oracle Enterprise Manager Grid Control 10g Release 4, version
10.2.0.4
PeopleSoft Enterprise HRMS, versions 8.9 and 9.0
JD Edwards Tools, version 8.97
Oracle WebLogic Server (formerly BEA WebLogic Server) 10.0
released through MP1, 10.3 GA
Oracle WebLogic Server (formerly BEA WebLogic Server) 9.0 GA,
9.1 GA, 9.2 released through MP3
Oracle WebLogic Server (formerly BEA WebLogic Server) 8.1 released
through SP6
Oracle WebLogic Server (formerly BEA WebLogic Server) 7.0 released
through SP7
Oracle WebLogic Portal (formerly BEA WebLogic Portal) 10.0 released
through MP1, 10.2 GA, 10.3 GA
Oracle WebLogic Portal (formerly BEA WebLogic Portal) 9.2 released
through MP3
Oracle WebLogic Portal (formerly BEA WebLogic Portal) 8.1 released
through SP6
:: Impact
Remote execution of arbitrary code
Denial of service
Information disclosure
The impact of the vulnerabilities varies depending on the
configuration of the system, product or component considered.
:: Solutions
Apply the appropriate patches or perform the appropriate
upgrade, following the instructions released by Oracle:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html
:: References
Oracle Critical Patch Updates and Security Alerts
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html
SecurityFocus BID
http://www.securityfocus.com/bid/33177
US-CERT - Technical Cyber Security Alert TA09-015A
http://www.us-cert.gov/cas/techalerts/TA09-015A.html
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2623
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4014
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4017
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5438
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5454
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5462
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3973
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3978
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3979
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3997
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3999
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4015
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5436
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5437
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5439
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4016
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3981
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4006
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5441
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5445
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4007
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5451
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5440