Alert GCSA-11032 - Oracle Critical Patch Update (Aprile 2011)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-11032
Data : 20 Aprile 2011
Titolo : Oracle Critical Patch Update (Aprile 2011)
******************************************************************
:: Descrizione del problema
Oracle ha rilasciato una Critical Patch Update per il mese di
Aprile 2011 con lo scopo di correggere numerose vulnerabilita'
presenti in vari prodotti e componenti Oracle, Sun Product Suite
e OpenOffice.
:: Software interessato
Oracle Database 11g Release 2, versioni 11.2.0.1, 11.2.0.2
Oracle Database 11g Release 1, versione 11.1.0.7
Oracle Database 10g Release 2, versioni 10.2.0.3, 10.2.0.4, 10.2.0.5
Oracle Database 10g Release 1, versione 10.1.0.5
Oracle Fusion Middleware 11g Release 1, versioni 11.1.1.2.0, 11.1.1.3.0, 11.1.1.4.0
Oracle Application Server 10g Release 3, versione 10.1.3.5.0
Oracle Application Server 10g Release 2, versione 10.1.2.3.0
Oracle Identity Management 10g, versioni 10.1.4.0.1, 10.1.4.3
Oracle JRockit, versioni R27.6.8 e precedenti (JDK/JRE 1.4.2, 5, 6), R28.1.1 e precedenti (JDK/JRE 5, 6)
Oracle Outside In Technology, versioni 8.3.2.0, 8.3.5.0
Oracle WebLogic Server, versioni 8.1.6, 9.2.3, 9.2.4, 10.0.2, 11gR1 (10.3.2, 10.3.3, 10.3.4)
Oracle E-Business Suite Release 12, versioni 12.0.6, 12.1.1, 12.1.2, 12.1.3
Oracle E-Business Suite Release 11i, versione 11.5.10.2
Oracle Agile Technology Platform, versioni 9.3.0.2, 9.3.1
Oracle PeopleSoft Enterprise CRM, versione 8.9
Oracle PeopleSoft Enterprise ELS, versioni 9.0, 9.1
Oracle PeopleSoft Enterprise HRMS, versioni 9.0, 9.1
Oracle PeopleSoft Enterprise Portal, versioni 8.8, 8.9, 9.0, 9.1
Oracle PeopleSoft Enterprise People Tools, versioni 8.49, 8.50, 8.51
Oracle JD Edwards OneWorld Tools, versione 24.1.x
Oracle JD Edwards EnterpriseOne Tools, versione 8.98.x
Oracle Siebel CRM Core, versioni 7.8.2, 8.0.0, 8.1.1
Oracle InForm, versioni 4.5, 4.6, 5.0
Oracle Sun Product Suite
Oracle Open Office, versione 3 e StarOffice/StarSuite, versioni 7, 8
:: Impatto
DoS
Accesso ad informazioni sensibili
Manipolazione di dati
Accesso al sistema
:: Soluzioni
Applicare le patch appropriate o procedere all'opportuno
aggiornamento secondo le istruzioni rilasciate da Oracle
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
:: Riferimenti
Oracle Critical Patch Update Advisory - Aprile 2011
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
Secunia
http://secunia.com/advisories/search/?search=cpuapr2011-301950
VUPEN
http://www.vupen.com/english/searchengine.php?keyword=cpuapr2011-301950
CVE ID List on NVD:
http://web.nvd.nist.gov/view/vuln/search-results?query=cpuapr2011-301950&search_type=all&cves=on
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTa7ai/OB+SpikaiRAQJETQP8DRiAZrCJ6Irk5LXh10NgXLjUGAE7R/dV
tgq7l5r0bMcSfK9A+aoPd0FoY6smnUFHtZE7HHdiDd04nMsT1D4P2soFYnj3yWv1
6GSwxHquSD9WZpTDivxrPJhYV4ZXbLCFqtbEh5P9sq9X3+cxHIcUOynfrYcEoe1X
mv07GUKD6hM=
=3dPy
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-11032
Data : 20 Aprile 2011
Titolo : Oracle Critical Patch Update (Aprile 2011)
******************************************************************
:: Descrizione del problema
Oracle ha rilasciato una Critical Patch Update per il mese di
Aprile 2011 con lo scopo di correggere numerose vulnerabilita'
presenti in vari prodotti e componenti Oracle, Sun Product Suite
e OpenOffice.
:: Software interessato
Oracle Database 11g Release 2, versioni 11.2.0.1, 11.2.0.2
Oracle Database 11g Release 1, versione 11.1.0.7
Oracle Database 10g Release 2, versioni 10.2.0.3, 10.2.0.4, 10.2.0.5
Oracle Database 10g Release 1, versione 10.1.0.5
Oracle Fusion Middleware 11g Release 1, versioni 11.1.1.2.0, 11.1.1.3.0, 11.1.1.4.0
Oracle Application Server 10g Release 3, versione 10.1.3.5.0
Oracle Application Server 10g Release 2, versione 10.1.2.3.0
Oracle Identity Management 10g, versioni 10.1.4.0.1, 10.1.4.3
Oracle JRockit, versioni R27.6.8 e precedenti (JDK/JRE 1.4.2, 5, 6), R28.1.1 e precedenti (JDK/JRE 5, 6)
Oracle Outside In Technology, versioni 8.3.2.0, 8.3.5.0
Oracle WebLogic Server, versioni 8.1.6, 9.2.3, 9.2.4, 10.0.2, 11gR1 (10.3.2, 10.3.3, 10.3.4)
Oracle E-Business Suite Release 12, versioni 12.0.6, 12.1.1, 12.1.2, 12.1.3
Oracle E-Business Suite Release 11i, versione 11.5.10.2
Oracle Agile Technology Platform, versioni 9.3.0.2, 9.3.1
Oracle PeopleSoft Enterprise CRM, versione 8.9
Oracle PeopleSoft Enterprise ELS, versioni 9.0, 9.1
Oracle PeopleSoft Enterprise HRMS, versioni 9.0, 9.1
Oracle PeopleSoft Enterprise Portal, versioni 8.8, 8.9, 9.0, 9.1
Oracle PeopleSoft Enterprise People Tools, versioni 8.49, 8.50, 8.51
Oracle JD Edwards OneWorld Tools, versione 24.1.x
Oracle JD Edwards EnterpriseOne Tools, versione 8.98.x
Oracle Siebel CRM Core, versioni 7.8.2, 8.0.0, 8.1.1
Oracle InForm, versioni 4.5, 4.6, 5.0
Oracle Sun Product Suite
Oracle Open Office, versione 3 e StarOffice/StarSuite, versioni 7, 8
:: Impatto
DoS
Accesso ad informazioni sensibili
Manipolazione di dati
Accesso al sistema
:: Soluzioni
Applicare le patch appropriate o procedere all'opportuno
aggiornamento secondo le istruzioni rilasciate da Oracle
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
:: Riferimenti
Oracle Critical Patch Update Advisory - Aprile 2011
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
Secunia
http://secunia.com/advisories/search/?search=cpuapr2011-301950
VUPEN
http://www.vupen.com/english/searchengine.php?keyword=cpuapr2011-301950
CVE ID List on NVD:
http://web.nvd.nist.gov/view/vuln/search-results?query=cpuapr2011-301950&search_type=all&cves=on
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTa7ai/OB+SpikaiRAQJETQP8DRiAZrCJ6Irk5LXh10NgXLjUGAE7R/dV
tgq7l5r0bMcSfK9A+aoPd0FoY6smnUFHtZE7HHdiDd04nMsT1D4P2soFYnj3yWv1
6GSwxHquSD9WZpTDivxrPJhYV4ZXbLCFqtbEh5P9sq9X3+cxHIcUOynfrYcEoe1X
mv07GUKD6hM=
=3dPy
-----END PGP SIGNATURE-----