Alert GCSA-12036 - Oracle Critical Patch Update Advisory (July 2012)
******************************************************************
Alert ID : GCSA-12036
Date : 18 July 2012
Title : Oracle Critical Patch Update Advisory (July 2012)
******************************************************************
:: Problem description
Oracle has released the Critical Patch Update for July 2012.
The update is a collection of patches that fix security and non-security
defects in various Oracle products and components.
:: Affected software
Oracle Database 11g Release 2, versions 11.2.0.2, 11.2.0.3
Oracle Database 11g Release 1, version 11.1.0.7
Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5
Oracle Secure Backup, version 10.3.0.3, 10.4.0.1
Oracle Fusion Middleware 11g Release 2, version 11.1.2.0
Oracle Fusion Middleware 11g Release 1, versions 11.1.1.5, 11.1.1.6
Oracle Application Server 10g Release 3, version 10.1.3.5
Oracle Identity Management 10g, version 10.1.4.3
Hyperion BI+, version 11.1.1.x
Oracle JRockit versions, R28.2.3 and earlier, R27.7.2 and earlier
Oracle Map Viewer, versions 10.1.3.1, 11.1.1.5, 11.1.1.6
Oracle Outside In Technology, versions 8.3.5, 8.3.7
Enterprise Manager Plugin for Database 12c Release 1, versions 12.1.0.1, 12.1.0.2
Enterprise Manager Grid Control 11g Release 1, version 11.1.0.1
Enterprise Manager Grid Control 10g Release 1, version 10.2.0.5
Oracle E-Business Suite Release 12, versions 12.0.4, 12.0.6, 12.1.1, 12.1.2, 12.1.3
Oracle E-Business Suite Release 11i, version 11.5.10.2
Oracle Transportation Management, versions 5.5.06, 6.0, 6.1, 6.2
Oracle AutoVue, versions 20.0.2, 20.1
Oracle PeopleSoft Enterprise HRMS, versions 9.0, 9.1
Oracle PeopleSoft Enterprise PeopleTools, versions 8.50, 8.51, 8.52
Oracle Siebel CRM, versions 8.1.1, 8.2.2
Oracle Clinical Remote Data Capture Option, versions 4.6, 4.6.2, 4.6.3
Oracle Sun Product Suite
Oracle MySQL Server, versions 5.1, 5.5
:: Impact
The impact of these vulnerabilities varies depending on the product,
the component and the system configuration.
Potential consequences include attacks of the following types:
Denial of Service
Data manipulation
System access
Exposure of sensitive information
Privilege escalation
Security Bypass
:: Solutions
Apply the appropriate patches or perform the relevant
upgrade following the instructions released by Oracle
(see the links under References)
:: References
Oracle Critical Patch Update Advisory - July 2012
http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0540
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1689
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1734
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1735
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1756
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1757
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1743
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3114
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3116
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3117
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1759
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1729
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1736
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1749
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3115
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3607
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0021
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0031
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1744
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1768
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1769
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1773
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3110
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1737
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1745
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1746
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1747
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4885
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1737
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1741
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1728
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1731
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1732
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1742
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1754
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1760
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1761
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1748
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3119
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1733
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1753
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1762
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3111
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3118
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1715
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1727
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1730
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1739