Alert GCSA-11074 - Oracle Critical Patch Update Advisory (October
******************************************************************
Alert ID : GCSA-11074
Date : 19 October 2011
Title : Oracle Critical Patch Update Advisory (October 2011)
******************************************************************
:: Description of the problem
Oracle has released the Critical Patch Update for October 2011.
The update is a collection of 57 security fixes
that resolve both security and non-security defects present
in various Oracle products and components.
:: Affected software
Oracle Database 11g Release 2, version 11.2.0.2
Oracle Database 11g Release 1, version 11.1.0.7
Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5
Oracle Database 10g Release 1, version 10.1.0.5
Oracle Fusion Middleware 11g Release 1, versions 11.1.1.3.0, 11.1.1.4.0, 11.1.1.5.0
Oracle Application Server 10g Release 3, version 10.1.3.5.0
Oracle Application Server 10g Release 2, version 10.1.2.3.0
Oracle Business Intelligence Enterprise Edition, versions 11.1.1.3, 11.1.1.5
Oracle Identity Management 10g, versions 10.1.4.0.1, 10.1.4.3
Oracle Outside In Technology, versions 8.3.5, 8.3.7
Oracle WebLogic Portal, versions 9.2.3.0, 10.0.1.0, 10.2.1.0, 10.3.2.0
Oracle WebLogic Server, versions 9.2.4, 10.0.2, 11gR1 (10.3.3, 10.3.4, 10.3.5)
Oracle E-Business Suite Release 12, versions 12.0.6, 12.1.2, 12.1.3
Oracle E-Business Suite Release 11i, version 11.5.10.2
Oracle Agile Product Supplier Collaboration for Process, versions 5.2.2, 6.0.0.2, 6.0.0.3, 6.0.0.4
Oracle PeopleSoft Enterprise HRMS, versions 8.9, 9.0, 9.1
Oracle PeopleSoft Enterprise PeopleTools, versions 8.49, 8.50, 8.51
Oracle Siebel CRM Core and Apps, versions 8.0.0, 8.1.1
Oracle Clinical, Remote Data Capture, versions 4.6, 4.6.2
Oracle Thesaurus Management System, versions 4.6.1, 4.6.2
Oracle Sun Product Suite
Oracle Linux 5
Oracle Sun Ray
:: Impact
The impact of these vulnerabilities varies depending on the product,
the component and the system configuration.
Potential consequences include attacks of the following types:
Denial of Service
Data manipulation
System access
SQL injection attacks
Remote execution of arbitrary code
Exposure of sensitive information
:: Solutions
Apply the appropriate patches or perform the relevant
upgrade following the instructions released by Oracle
(see the links in the References)
:: References
Oracle Critical Patch Updates and Security Alerts
http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html
http://www.oracle.com/technetwork/topics/security/alerts-086861.html
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3525
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3512
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2301
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2322
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2255
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2320
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3510
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2314
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2319
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3523
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2318
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2308
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2302
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2303
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3532
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3527
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3533
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3528
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2315
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3529
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3530
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3520
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3518
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2316
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3526
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2309
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2323
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3559
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3543
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2310
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3515
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3534
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3535
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3537
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3542
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2313
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2304
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3507
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2327
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3522
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3536
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2311
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2312
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3539
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2306
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3538