Alert GCSA-11056 - Oracle Critical Patch Update (July 2011)
******************************************************************
Alert ID : GCSA-11056
Date : 22 July 2011
Title : Oracle Critical Patch Update (July 2011)
******************************************************************
:: Problem description
Oracle has released a Critical Patch Update for
July 2011 that fixes 78 vulnerabilities
in various Oracle products and components.
:: Affected software
* Oracle Database 11g Release 2, versions 11.2.0.1, 11.2.0.2
* Oracle Database 11g Release 1, version 11.1.0.7
* Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5
* Oracle Database 10g Release 1, version 10.1.0.5
* Oracle Secure Backup, version 10.3.0.3
* Oracle Fusion Middleware 11g Release 1, versions 11.1.1.3.0, 11.1.1.4.0,
11.1.1.5.0
* Oracle Application Server 10g Release 3, version 10.1.3.5.0
* Oracle Application Server 10g Release 2, version 10.1.2.3.0
* Oracle Business Intelligence Enterprise Edition, versions 10.1.3.4.1,
11.1.1.3
* Oracle Identity Management 10g, versions 10.1.4.0.1, 10.1.4.3
* Oracle JRockit, versions R27.6.9 and earlier (JDK/JRE 1.4.2, 5, 6),
R28.1.3 and earlier (JDK/JRE 5, 6)
* Oracle Outside In Technology, versions 8.3.2.0, 8.3.5.0
* Oracle Enterprise Manager 10g Grid Control Release 1, version 10.1.0.6
* Oracle Enterprise Manager 10g Grid Control Release 2, version 10.2.0.5
* Oracle Enterprise Manager 11g Grid Control Release 1, version 11.1.0.1
* Oracle E-Business Suite Release 12, versions 12.0.4, 12.0.6, 12.1.1,
12.1.2, 12.1.3
* Oracle E-Business Suite Release 11i, version 11.5.10.2
* Oracle Agile Technology Platform, versions 9.3.0.3, 9.3.1.1
* Oracle PeopleSoft Enterprise FIN, versions 9.0, 9.1
* Oracle PeopleSoft Enterprise FMS, versions 9.0, 9.1
* Oracle PeopleSoft Enterprise FSCM, versions 9.0, 9.1
* Oracle PeopleSoft Enterprise HRMS, versions 8.9, 9.0, 9.1
* Oracle PeopleSoft Enterprise SCM, versions 9.0, 9.1
* Oracle PeopleSoft Enterprise PeopleTools, versions 8.49, 8.50, 8.51
* Oracle Sun Product Suite
:: Impact
The impact of these vulnerabilities varies depending on the product,
the component and the system configuration.
Potential consequences include the following attacks:
Denial of Service
Access to sensitive information
Data manipulation
System access
:: Solutions
Apply the appropriate patches or perform the appropriate
upgrade following the instructions released by Oracle
http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html
:: References
Oracle Critical Patch Update Advisory - July 2011
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
Oracle Outside In CorelDRAW file parser stack buffer overflow
http://www.kb.cert.org/vuls/id/103425
US-CERT
http://www.us-cert.gov/cas/techalerts/TA11-201A.html
DOE CIRC T-672: Oracle Critical Patch Update Advisory - July 2011
http://www.doecirc.energy.gov/bulletins/t-672.shtml
CVE ID List on NVD:
http://web.nvd.nist.gov/view/vuln/search-results?query=cpujuly2011&search_type=all&cves=on