Alert GCSA-12005 - Oracle Critical Patch Update Advisory (January
******************************************************************
Alert ID : GCSA-12005
Date : 20 January 2012
Title : Oracle Critical Patch Update Advisory (January 2012)
******************************************************************
:: Problem description
Oracle has released the Critical Patch Update for January 2012.
The update is a collection of 78 security fixes
that address security and non-security defects present
in various Oracle products and components.
:: Affected software
Oracle Database 11g Release 2, versions 11.2.0.2, 11.2.0.3
Oracle Database 11g Release 1, version 11.1.0.7
Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5
Oracle Database 10g Release 1, version 10.1.0.5
Oracle Fusion Middleware 11g Release 1, versions 11.1.1.3.0, 11.1.1.4.0,
11.1.1.5.0
Oracle Application Server 10g Release 3, version 10.1.3.5.0
Oracle Outside In Technology, versions 8.3.5, 8.3.7
Oracle WebLogic Server, versions 9.2.4, 10.0.2, 11gR1 (10.3.3, 10.3.4,
10.3.5)
Oracle E-Business Suite Release 12, versions 12.1.2, 12.1.3
Oracle E-Business Suite Release 11i, version 11.5.10.2
Oracle Transportation Management, versions 5.5, 6.0, 6.1, 6.2
Oracle PeopleSoft Enterprise CRM, version 8.9
Oracle PeopleSoft Enterprise HCM, versions 8.9, 9.0, 9.1
Oracle PeopleSoft Enterprise PeopleTools, version 8.52
Oracle JDEdwards, version 8.98
Oracle Sun Product Suite
Oracle VM VirtualBox, version 4.1
Oracle Virtual Desktop Infrastructure, version 3.2
Oracle MySQL Server, versions 5.0, 5.1, 5.5
:: Impact
The impact of these vulnerabilities varies depending on the product,
the component and the system configuration.
Potential consequences include attacks of the following types:
Denial of Service
Data manipulation
System access
SQL injection attacks
Remote execution of arbitrary code
Exposure of sensitive information
:: Solutions
Apply the appropriate patches or perform the appropriate
update according to the instructions released by Oracle
(see the links in the References)
:: References
Oracle Critical Patch Update Advisory - January 2012
http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
Oracle Critical Patch Updates, Security Alerts and Third Party Bulletin
http://www.oracle.com/technetwork/topics/security/alerts-086861.html
US DOE JC3-CIRC bulletin
http://www.doecirc.energy.gov/bulletins/u-083.shtml
SecurityFocus Bugtraq ID
http://www.securityfocus.com/bid/51526
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2262
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2317
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2321
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2324
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2325
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2326
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3509
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3514
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3524
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3564
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3565
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3570
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3573
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3574
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4516
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5035
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0082
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0087
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0091
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0097
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0099
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0100
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0103
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0104
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0110
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0111
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0112
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0114
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0115
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0116
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0117
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0118
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0119
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0120
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0485
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0486
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0488
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0489
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0494
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0495
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0496