Oracle Critical Patch Update (Ottobre 2008)

Inserito da Silvio Passalacqua 16 ottobre, 2008

Descrizione del problema

Oracle ha rilasciato una Critical Patch Update Ottobre 2008.
Tale aggiornamento e’ una collezione di patch nata per porre
soluzione a 36 difetti di sicurezza presenti in vari prodotti
Oracle.

:: Software interessato

Oracle Database 11g, version 11.1.0.6
Oracle Database 10g Release 2, versions 10.2.0.2, 10.2.0.3, 10.2.0.4
Oracle Database 10g, version 10.1.0.5
Oracle Database 9i Release 2, versions 9.2.0.8, 9.2.0.8DV

Oracle Application Server 10g Release 3 (10.1.3), versions
10.1.3.3.0, 10.1.3.4.0
Oracle Application Server 10g Release 2 (10.1.2), versions
10.1.2.2.0, 10.1.2.3.0
Oracle Application Server 10g (9.0.4), version 9.0.4.3

Oracle E-Business Suite Release 12, version 12.0.4
Oracle E-Business Suite Release 11i, version 11.5.10.2

Oracle PeopleSoft Enterprise PeopleTools versions 8.48.18, 8.49.14
Oracle PeopleSoft Enterprise Portal versions 8.9, 9.0

Oracle WebLogic Server (formerly BEA WebLogic Server) 10.0 released
through MP1, 10.3 GA
Oracle WebLogic Server (formerly BEA WebLogic Server) 9.0 GA, 9.1 GA,
9.2 released through MP3
Oracle WebLogic Server (formerly BEA WebLogic Server) 8.1 released
through SP6
Oracle WebLogic Server (formerly BEA WebLogic Server) 7.0 released
through SP7
Oracle WebLogic Server (formerly BEA WebLogic Server) 6.1 released
through SP7

Oracle Workshop for WebLogic (formerly BEA WebLogic Workshop) 10.0
released through MP1, 10.2 GA, 10.3 GA
Oracle Workshop for WebLogic (formerly BEA WebLogic Workshop) 9.0,
9.1, 9.2 released through MP3
Oracle Workshop for WebLogic (formerly BEA WebLogic Workshop) 8.1
released through SP6

:: Impatto

Security Bypass
Exposure of sensitive information
Privilege escalation
DoS
System access

L’impatto delle vulnerabilita’ varia in base alla configurazione
del sistema, del prodotto o della componente considerata.

:: Soluzioni

Applicare le patch appropriate o procedere all’opportuno
aggiornamento secondo le istruzioni rilasciate da Oracle:

http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2008.html

:: Riferimenti

Oracle Critical Patch Updates and Security Alerts

http://www.oracle.com/technology/deploy/security/alerts.htm

SecurityFocus

http://www.securityfocus.com/bid/31683

Mitre’s CVE ID

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4008

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4009

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4010

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4011

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4012

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4013

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4000

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4001

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4002

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4003

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4004

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3985

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3988

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3998

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3619

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3993

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3975

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3977

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3588

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3986

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3987

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3989

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2624

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3996

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3992

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3976

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3982

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3983

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3984

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3994

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3980

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4005

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2625

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3990

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3991

Categories : Sicurezza Tags : , , , , , , , , , , , , , , , , , , , Tweet This!

Commenti

Non ci sono commenti.


Inserisci un Commento

(richiesto)

(richiesta)