Alert GCSA-09033 - Oracle Critical Patch Update (April 2009)
**********************************************************************
Alert ID : GCSA-09033
Date : 19 January 2009
Title : Oracle Critical Patch Update (April 2009)
**********************************************************************
:: Problem description
Oracle has released the April 2009 Critical Patch Update.
This update is a collection of patches that address various
vulnerabilities in a number of Oracle products.
:: Affected software
Oracle Database 11g, version 11.1.0.6, 11.1.0.7
Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4
Oracle Database 10g, version 10.1.0.5
Oracle Database 9i Release 2, versions 9.2.0.8, 9.2.0.8DV
Oracle Application Server 10g Release 2 (10.1.2), version
10.1.2.3.0
Oracle Outside In SDK HTML Export 8.2.2, 8.3.0
Oracle XML Publisher 5.6.2, 10.1.3.2, 10.1.3.2.1
Oracle BI Publisher 10.1.3.3.0, 10.1.3.3.1, 10.1.3.3.2,
10.1.3.3.3, 10.1.3.4
Oracle E-Business Suite Release 12, version 12.0.6
Oracle E-Business Suite Release 11i, version 11.5.10.2
PeopleSoft Enterprise PeopleTools versions: 8.49
PeopleSoft Enterprise HRMS versions: 8.9 and 9.0
Oracle WebLogic Server 10.3
Oracle WebLogic Server 9.0 GA, 9.1 GA, 9.2 through 9.2 MP3
Oracle WebLogic Server 8.1 through 8.1 SP6
Oracle WebLogic Server 7.0 through 7.0 SP7
Oracle WebLogic Portal 8.1 through 8.1 SP6
Oracle Data Service Integrator 10.3.0 and Oracle AquaLogic Data
Services Platform (formerly BEA ALDSP) 3.2, 3.0.1, 3.0
Oracle JRockit (formerly BEA JRockit) R27.6.2 and earlier
(JDK/JRE 6, 5, 1.4.2)
:: Impact
Remote execution of arbitrary code
Denial of service
Information disclosure
The impact of the vulnerabilities varies depending on the
configuration of the system, product or component involved.
:: Solutions
Apply the appropriate patches or upgrade as described in the
instructions released by Oracle:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
:: References
Oracle Critical Patch Updates and Security Alerts
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
SecurityFocus BID
http://www.securityfocus.com/bid/34461
US-CERT - Technical Cyber Security Alert TA09-015A
http://www.us-cert.gov/cas/techalerts/TA09-015A.html
Secunia - Oracle BEA WebLogic Products Multiple Vulnerabilities
http://secunia.com/advisories/34074/
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0983
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0989
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0990
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0994
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0996
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1009
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1011
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1017
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0999
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1004
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1005
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1006
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1012
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1016
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0972
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0973
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0977
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0978
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0979
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0980
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0981
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0984
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0985
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0997
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0998
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1013
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1014
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0190