Alert GCSA-10038 - Oracle Critical Patch Update (Aprile 2010)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-10038
Data : 14 aprile 2010
Titolo : Oracle Critical Patch Update (Aprile 2010)
******************************************************************
:: Descrizione del problema
Oracle ha rilasciato una Critical Patch Update per il mese di
aprile 2010 con lo scopo di correggere 47 vulnerabilita' presenti
in vari prodotti e componenti Oracle e 16 vulnerabilita' presenti
in Sun Solaris.
:: Software interessato
Oracle Database 11g, versioni 11.1.0.7 e 11.2.0.1
Oracle Database 10g Release 2, versioni 10.2.0.3 e 10.2.0.4
Oracle Database 10g, versione 10.1.0.5
Oracle Database 9i Release 2, versioni 9.2.0.8 e 9.2.0.8DV
Oracle Application Server 10gR2, versione 10.1.2.3.0
Oracle Identity Management 10g, versioni 10.1.4.0.1 e 10.1.4.3
Oracle Collaboration Suite 10g, versione 10.1.2.4
Oracle E-Business Suite Release 12, versioni 12.0.4, 12.0.5, 12.0.6,
12.1.1 e 12.1.2
Oracle E-Business Suite Release 11i, versioni 11.5.10 e 11.5.10.2
Oracle Transportation Manager, versioni 5.5.05.07, 5.5.06.00, e 6.0.03
Oracle Agile - Engineering Data Management, versione 6.1.1.0
PeopleSoft Enterprise PeopleTools, versioni 8.49 e 8.50
Oracle Communications Unified Inventory Management versione 7.1
Oracle Clinical Remote Data Capture Option versioni 4.5.3 e 4.6
Oracle Thesaurus Management System versioni 4.5.2, 4.6 e 4.6.1
Oracle Retail Markdown Optimization versione 13.1
Oracle Retail Place In-Season versione 12.2
Oracle Retail Plan In-Season versione 12.2
Oracle Sun Products Suite
:: Impatto
Esecuzione remota di codice o comandi arbitrari
Information disclosure
Denial of service
Accesso ad informazioni sensibili
:: Soluzioni
Applicare le patch appropriate o procedere all'opportuno
aggiornamento secondo le istruzioni rilasciate da Oracle
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html
:: Riferimenti
Oracle Critical Patch Update Advisory - Aprile 2010
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html
Sun Security Blog
http://blogs.sun.com/security/
Technical Cyber Security Alert TA10-103B
http://www.us-cert.gov/cas/techalerts/TA10-103B.html
Secunia
http://secunia.com/advisories/39339/
http://secunia.com/advisories/39257/
http://secunia.com/advisories/39139/
http://secunia.com/advisories/39442/
http://secunia.com/advisories/39443/
http://secunia.com/advisories/39441/
http://secunia.com/advisories/39440/
http://secunia.com/advisories/39439/
Securityfocus
http://www.securityfocus.com/bid/39423
http://www.securityfocus.com/bid/37926
http://www.securityfocus.com/bid/39418
http://www.securityfocus.com/bid/39421
http://www.securityfocus.com/bid/39422
http://www.securityfocus.com/bid/39424
http://www.securityfocus.com/bid/39425
http://www.securityfocus.com/bid/39426
http://www.securityfocus.com/bid/39427
http://www.securityfocus.com/bid/39428
http://www.securityfocus.com/bid/39429
http://www.securityfocus.com/bid/39430
http://www.securityfocus.com/bid/39431
http://www.securityfocus.com/bid/39432
http://www.securityfocus.com/bid/39433
http://www.securityfocus.com/bid/39434
http://www.securityfocus.com/bid/39435
http://www.securityfocus.com/bid/39436
http://www.securityfocus.com/bid/39437
http://www.securityfocus.com/bid/39438
http://www.securityfocus.com/bid/39439
http://www.securityfocus.com/bid/39441
http://www.securityfocus.com/bid/39442
http://www.securityfocus.com/bid/39443
http://www.securityfocus.com/bid/39444
http://www.securityfocus.com/bid/39445
http://www.securityfocus.com/bid/39447
http://www.securityfocus.com/bid/39448
http://www.securityfocus.com/bid/39450
http://www.securityfocus.com/bid/39451
http://www.securityfocus.com/bid/39452
http://www.securityfocus.com/bid/39454
-----BEGIN PGP SIGNATURE-----
iQCVAwUBS8XVjvOB+SpikaiRAQK+hAP/a3dD/1Jdm54wUzCkFHrhSeZWNXZzc+N/
hBxELV9iTa0QIaCW6ra0ShF0jF/J83qeJN68RaXhHAXMRgDD+eBO7YgPRTIe0kiv
ZPmTPyewcQjsdOgnrfClWsAz2y7GHPXGk8vlvTz2Dcb08aO6+/lorfMK0fPb4TnW
HAvrXAHD9ZA=
=Ij+o
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-10038
Data : 14 aprile 2010
Titolo : Oracle Critical Patch Update (Aprile 2010)
******************************************************************
:: Descrizione del problema
Oracle ha rilasciato una Critical Patch Update per il mese di
aprile 2010 con lo scopo di correggere 47 vulnerabilita' presenti
in vari prodotti e componenti Oracle e 16 vulnerabilita' presenti
in Sun Solaris.
:: Software interessato
Oracle Database 11g, versioni 11.1.0.7 e 11.2.0.1
Oracle Database 10g Release 2, versioni 10.2.0.3 e 10.2.0.4
Oracle Database 10g, versione 10.1.0.5
Oracle Database 9i Release 2, versioni 9.2.0.8 e 9.2.0.8DV
Oracle Application Server 10gR2, versione 10.1.2.3.0
Oracle Identity Management 10g, versioni 10.1.4.0.1 e 10.1.4.3
Oracle Collaboration Suite 10g, versione 10.1.2.4
Oracle E-Business Suite Release 12, versioni 12.0.4, 12.0.5, 12.0.6,
12.1.1 e 12.1.2
Oracle E-Business Suite Release 11i, versioni 11.5.10 e 11.5.10.2
Oracle Transportation Manager, versioni 5.5.05.07, 5.5.06.00, e 6.0.03
Oracle Agile - Engineering Data Management, versione 6.1.1.0
PeopleSoft Enterprise PeopleTools, versioni 8.49 e 8.50
Oracle Communications Unified Inventory Management versione 7.1
Oracle Clinical Remote Data Capture Option versioni 4.5.3 e 4.6
Oracle Thesaurus Management System versioni 4.5.2, 4.6 e 4.6.1
Oracle Retail Markdown Optimization versione 13.1
Oracle Retail Place In-Season versione 12.2
Oracle Retail Plan In-Season versione 12.2
Oracle Sun Products Suite
:: Impatto
Esecuzione remota di codice o comandi arbitrari
Information disclosure
Denial of service
Accesso ad informazioni sensibili
:: Soluzioni
Applicare le patch appropriate o procedere all'opportuno
aggiornamento secondo le istruzioni rilasciate da Oracle
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html
:: Riferimenti
Oracle Critical Patch Update Advisory - Aprile 2010
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html
Sun Security Blog
http://blogs.sun.com/security/
Technical Cyber Security Alert TA10-103B
http://www.us-cert.gov/cas/techalerts/TA10-103B.html
Secunia
http://secunia.com/advisories/39339/
http://secunia.com/advisories/39257/
http://secunia.com/advisories/39139/
http://secunia.com/advisories/39442/
http://secunia.com/advisories/39443/
http://secunia.com/advisories/39441/
http://secunia.com/advisories/39440/
http://secunia.com/advisories/39439/
Securityfocus
http://www.securityfocus.com/bid/39423
http://www.securityfocus.com/bid/37926
http://www.securityfocus.com/bid/39418
http://www.securityfocus.com/bid/39421
http://www.securityfocus.com/bid/39422
http://www.securityfocus.com/bid/39424
http://www.securityfocus.com/bid/39425
http://www.securityfocus.com/bid/39426
http://www.securityfocus.com/bid/39427
http://www.securityfocus.com/bid/39428
http://www.securityfocus.com/bid/39429
http://www.securityfocus.com/bid/39430
http://www.securityfocus.com/bid/39431
http://www.securityfocus.com/bid/39432
http://www.securityfocus.com/bid/39433
http://www.securityfocus.com/bid/39434
http://www.securityfocus.com/bid/39435
http://www.securityfocus.com/bid/39436
http://www.securityfocus.com/bid/39437
http://www.securityfocus.com/bid/39438
http://www.securityfocus.com/bid/39439
http://www.securityfocus.com/bid/39441
http://www.securityfocus.com/bid/39442
http://www.securityfocus.com/bid/39443
http://www.securityfocus.com/bid/39444
http://www.securityfocus.com/bid/39445
http://www.securityfocus.com/bid/39447
http://www.securityfocus.com/bid/39448
http://www.securityfocus.com/bid/39450
http://www.securityfocus.com/bid/39451
http://www.securityfocus.com/bid/39452
http://www.securityfocus.com/bid/39454
-----BEGIN PGP SIGNATURE-----
iQCVAwUBS8XVjvOB+SpikaiRAQK+hAP/a3dD/1Jdm54wUzCkFHrhSeZWNXZzc+N/
hBxELV9iTa0QIaCW6ra0ShF0jF/J83qeJN68RaXhHAXMRgDD+eBO7YgPRTIe0kiv
ZPmTPyewcQjsdOgnrfClWsAz2y7GHPXGk8vlvTz2Dcb08aO6+/lorfMK0fPb4TnW
HAvrXAHD9ZA=
=Ij+o
-----END PGP SIGNATURE-----