Alert GCSA-10082 - Oracle Critical Patch Update (July 2010)
******************************************************************
Alert ID : GCSA-10082
Date : 15 July 2010
Title : Oracle Critical Patch Update (July 2010)
******************************************************************
:: Problem description
Oracle has released a Critical Patch Update for July 2010
to fix numerous vulnerabilities in various Oracle products
and components and in Sun Solaris.
:: Affected software
Oracle Database 11g Release 2, version 11.2.0.1
Oracle Database 11g Release 1, version 11.1.0.7
Oracle Database 10g Release 2, versions 10.2.0.3 and 10.2.0.4
Oracle Database 10g, version 10.1.0.5
Oracle Database 9i Release 2, versions 9.2.0.8 and 9.2.0.8DV
Oracle TimesTen In-Memory Database, versions 7.0.6.0 and 11.2.1.4.1
Oracle Secure Backup version 10.3.0.1
Oracle Application Server 10gR2, version 10.1.2.3.0
Oracle Identity Management 10g, version 10.1.4.0.1
Oracle WebLogic Server 11gR1 versions 10.3.1, 10.3.2 and 10.3.3
Oracle WebLogic Server 10gR3 version 10.3.0
Oracle WebLogic Server 10.0 up to MP2
Oracle WebLogic Server 9.0, 9.1, 9.2 up to MP3
Oracle WebLogic Server 8.1 up to SP6
Oracle WebLogic Server 7.0 up to SP7
Oracle JRockit R28.0.0 and earlier (JDK/JRE 5 and 6)
Oracle JRockit R27.6.6 and earlier (JDK/JRE 1.4.2, 5 and 6)
Oracle Business Process Management, versions 5.7.3, 6.0.5, 10.3.1, 10.3.2
Oracle Enterprise Manager Grid Control 10g Release 5, version 10.2.0.5
Oracle Enterprise Manager Grid Control 10g Release 1, version 10.1.0.6
Oracle E-Business Suite Release 12, versions 12.0.4, 12.0.5, 12.0.6, 12.1.1 and 12.1.2
Oracle E-Business Suite Release 11i, versions 11.5.10 and 11.5.10.2
Oracle Transportation Manager, versions 5.5.05.07, 5.5.06.00 and 6.0.03
Oracle Agile - Engineering Data Management, version 6.1.1.0
PeopleSoft Enterprise Campus Solutions version 9.0
PeopleSoft Enterprise CRM versions 9.0 and 9.1
PeopleSoft Enterprise FSCM versions 8.9, 9.0 and 9.1
PeopleSoft Enterprise HCM versions 8.9, 9.0 and 9.1
PeopleSoft Enterprise PeopleTools versions 8.49 and 8.50
Oracle Sun Products Suite
:: Impact
Remote execution of arbitrary code or commands
Information disclosure
Denial of service
Access to sensitive information
:: Solutions
Apply the appropriate patches or perform the relevant
upgrade following the instructions released by Oracle
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2010.html
:: References
Oracle Critical Patch Update Advisory - July 2010
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2010.html
Sun Security Blog
http://blogs.sun.com/security/
Technical Cyber Security Alert TA10-103B
http://www.us-cert.gov/cas/techalerts/TA10-194B.html
Secunia
http://secunia.com/advisories/40594/
http://secunia.com/advisories/40595/
http://secunia.com/advisories/40596/
http://secunia.com/advisories/40597/
http://secunia.com/advisories/40598/
http://secunia.com/advisories/40599/
http://secunia.com/advisories/40600/
http://secunia.com/advisories/40601/
http://secunia.com/advisories/40602/
http://secunia.com/advisories/40603/
http://secunia.com/advisories/40604/
http://secunia.com/advisories/40605/
Securityfocus
http://www.securityfocus.com/bid/41620
http://www.securityfocus.com/bid/39077
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0835
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0873
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0892
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0898
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0899
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0900
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0901
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0902
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0903
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0904
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0905
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0909
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0911
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0912
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0913
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0915
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2370
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2371
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2373
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2377
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2378
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2379
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2380
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2381
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2398
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2403