Alert GCSA-08042 - Oracle Critical Patch Update (April 2008)
:: Problem description
Oracle has released a Critical Patch Update for
April 2008.
This update is a collection of patches that addresses
41 security flaws in various Oracle products. The most
critical of the vulnerabilities can lead to system
compromise.
:: Affected products and versions:
Oracle Database 11g, version 11.1.0.6
Oracle Database 10g Release 2, versions 10.2.0.2, 10.2.0.3
Oracle Database 10g, version 10.1.0.5
Oracle Database 9i Release 2, versions 9.2.0.8, 9.2.0.8DV
Oracle Application Server 10g Release 3 (10.1.3),
versions 10.1.3.1.0, 10.1.3.3.0
Oracle Application Server 10g Release 2 (10.1.2),
versions 10.1.2.0.2, 10.1.2.1.0, 10.1.2.2.0
Oracle Application Server 10g (9.0.4), version 9.0.4.3
Oracle Collaboration Suite 10g, version 10.1.2
Oracle E-Business Suite Release 12, version 12.0.4
Oracle E-Business Suite Release 11i, version 11.5.10.2
Oracle PeopleSoft Enterprise PeopleTools
versions 8.22.19, 8.48.16, 8.49.09
Oracle PeopleSoft Enterprise HCM versions 8.8 SP1, 8.9, 9.0
Oracle Siebel SimBuilder versions 7.8.2, 7.8.5
:: Impact
denial of service
execution of arbitrary commands
reading and overwriting of arbitrary data
exposure of sensitive data
SQL injection and cross-site scripting attacks
bypass of security restrictions
The impact of the vulnerabilities varies depending on the system
configuration.
:: Solutions
Apply the appropriate patches or perform the appropriate
upgrade following the instructions released by Oracle:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2008.html
:: References
Oracle Critical Patch Update:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2008.html
CIAC:
http://www.ciac.org/ciac/bulletins/s-264.shtml
Secunia:
http://secunia.com/advisories/29829/
FrSirt:
http://www.frsirt.com/english/advisories/2008/1233
SecurityFocus:
http://www.securityfocus.com/bid/28725
Mitre's CVE ID:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1811
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1815
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1816
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1818
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1819
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1821
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1822
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1826
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1827
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1828
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1830
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1831