Alert GCSA-12022 - Oracle Critical Patch Update Advisory (April
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-12022
Date : 19 April 2012
Title : Oracle Critical Patch Update Advisory (April 2012)
******************************************************************
:: Problem description
Oracle has released the Critical Patch Update April 2012.
The update is a collection of patches
that fix security and non-security defects
present in various Oracle products and components.
:: Affected software
Oracle Database 11g Release 2, versions 11.2.0.2, 11.2.0.3
Oracle Database 11g Release 1, version 11.1.0.7
Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5
Oracle Application Server 10g Release 3, version 10.1.3.5.0
Oracle BI Publisher, versions 10.1.3.4.1, 10.1.3.4.2
Oracle DB UM Connector for Oracle Identity Manager, Version 9.1.0.4
Oracle Identity Manager 11g, versions 11.1.1.3, 11.1.1.5
Oracle JDeveloper, version 10.1.3.5.0
Oracle JRockit versions, R28.2.2 and earlier, R27.7.1 and earlier
Oracle Outside In Technology, versions 8.3.5, 8.3.7
Oracle WebCenter Forms Recognition, version 10.1.3.5
Enterprise Manager Grid Control 11g Release 1, version 11.1.0.1
Enterprise Manager Grid Control 10g Release 1, version 10.2.0.5
Oracle E-Business Suite Release 12, versions 12.0.4, 12.0.6, 12.1.1, 12.1.2, 12.1.3
Oracle E-Business Suite Release 11i, version 11.5.10.2
Oracle Agile, version 6.0.0
Oracle AutoVue version 20.0.2
Oracle PeopleSoft Enterprise CRM, version 9.1
Oracle PeopleSoft Enterprise HCM, version 9.1
Oracle PeopleSoft Enterprise HRMS, versions 8.9, 9.0, 9.1
Oracle PeopleSoft Enterprise FCSM, versions 9.0, 9.1
Oracle PeopleSoft Enterprise PeopleTools, versions 8.50, 8.51, 8.52
Oracle PeopleSoft Enterprise Portal version 9.1
Oracle PeopleSoft Enterprise SCM, versions 9.0, 9.1
Oracle Siebel Life Sciences, versions 8.0.0, 8.1.1, 8.2.2
Oracle FLEXCUBE Direct Banking, versions 5.0.2, 5.3.0-5.3.4, 6.0.1, 6.2.0
Oracle FLEXCUBE Universal Banking, versions 10.0.0-10.5.0, 11.0.0-11.4.0
Primavera P6 Enterprise Project Portfolio Management, versions 6.2.1, 8.0, 8.1, 8.2
Oracle Sun Product Suite
Oracle MySQL Server, versions 5.1, 5.5
:: Impact
The impact of these vulnerabilities varies depending on the product,
the component and the system configuration.
Potential consequences include attacks of the following types:
Denial of Service
Data manipulation
System access
SQL injection attacks
Remote execution of arbitrary code
Exposure of sensitive information
:: Solutions
Apply the appropriate patches or perform the appropriate
update following the instructions released by Oracle
(see the links in the References)
:: References
Oracle Critical Patch Update Advisory - April 2012
http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html
Oracle Critical Patch Updates, Security Alerts and Third Party Bulletin
http://www.oracle.com/technetwork/topics/security/alerts-086861.html
US DOE JC3-CIRC bulletin
http://www.doecirc.energy.gov/bulletins/u-150.shtml
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0514
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0521
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0524
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0529
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0530
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0533
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0536
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0538
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0559
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0560
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0561
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0562
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0564
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0515
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0522
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0532
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0543
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0554
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0556
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0557
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1709
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1710
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0523
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0509
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0544
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0545
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0573
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0575
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0576
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0577
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0579
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1676
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1679
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1706
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1707
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1695
-----BEGIN PGP SIGNATURE-----
iD8DBQFPkCMlwZxMk2USYEIRApDZAJ4/z2KnZ8wAp0oEEZZOxfIwHTxTCwCgn4PC
g1yIBUG54/XFxie+h5NaO6k=
=CzLj
-----END PGP SIGNATURE-----