Date: 18 January 2012
References: ASB-2011.0076.2 ASB-2011.0080 ASB-2011.0091 ASB-2012.0007 ESB-2012.0146 ESB-2012.0157 ESB-2012.0171 ASB-2012.0023.2 ASB-2012.0024.2 ESB-2012.0182 ESB-2012.0199 ESB-2012.0229 ESB-2012.0252 ESB-2012.0327 ESB-2012.0339 ESB-2012.0377 ESB-2012.0403 ESB-2012.0509 ASB-2012.0103 ESB-2012.0682 ESB-2012.0718 ESB-2012.0973 ASB-2013.0007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT Security Bulletin
ASB-2012.0009
Oracle has released 78 updates which correct vulnerabilities
in their products
18 January 2012
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product:           Oracle Database 11g Release 2, versions 11.2.0.2, 11.2.0.3
                   Oracle Database 11g Release 1, version 11.1.0.7
                   Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5
                   Oracle Database 10g Release 1, version 10.1.0.5
                   Oracle Fusion Middleware 11g Release 1, versions 11.1.1.3.0, 11.1.1.4.0, 11.1.1.5.0
                   Oracle Application Server 10g Release 3, version 10.1.3.5.0
                   Oracle Outside In Technology, versions 8.3.5, 8.3.7
                   Oracle WebLogic Server, versions 9.2.4, 10.0.2, 11gR1 (10.3.3, 10.3.4, 10.3.5)
                   Oracle E-Business Suite Release 12, versions 12.1.2, 12.1.3
                   Oracle E-Business Suite Release 11i, version 11.5.10.2
                   Oracle Transportation Management, versions 5.5, 6.0, 6.1, 6.2
                   Oracle PeopleSoft Enterprise CRM, version 8.9
                   Oracle PeopleSoft Enterprise HCM, versions 8.9, 9.0, 9.1
                   Oracle PeopleSoft Enterprise PeopleTools, version 8.52
                   Oracle JDEdwards, version 8.98
                   Oracle Sun Product Suite
                   Oracle VM VirtualBox, version 4.1
                   Oracle Virtual Desktop Infrastructure, version 3.2
                   Oracle MySQL Server, versions 5.0, 5.1, 5.5
Operating System:  UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Reduced Security  -- Unknown/Unspecified
                   Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2012-0496 CVE-2012-0495 CVE-2012-0494
                   CVE-2012-0493 CVE-2012-0492 CVE-2012-0491
                   CVE-2012-0490 CVE-2012-0489 CVE-2012-0488
                   CVE-2012-0487 CVE-2012-0486 CVE-2012-0485
                   CVE-2012-0484 CVE-2012-0120 CVE-2012-0119
                   CVE-2012-0118 CVE-2012-0117 CVE-2012-0116
                   CVE-2012-0115 CVE-2012-0114 CVE-2012-0113
                   CVE-2012-0112 CVE-2012-0111 CVE-2012-0110
                   CVE-2012-0109 CVE-2012-0105 CVE-2012-0104
                   CVE-2012-0103 CVE-2012-0102 CVE-2012-0101
                   CVE-2012-0100 CVE-2012-0099 CVE-2012-0098
                   CVE-2012-0097 CVE-2012-0096 CVE-2012-0094
                   CVE-2012-0091 CVE-2012-0089 CVE-2012-0088
                   CVE-2012-0087 CVE-2012-0085 CVE-2012-0084
                   CVE-2012-0083 CVE-2012-0081 CVE-2012-0080
                   CVE-2012-0079 CVE-2012-0078 CVE-2012-0077
                   CVE-2012-0076 CVE-2012-0075 CVE-2012-0074
                   CVE-2012-0073 CVE-2011-5035 CVE-2011-4517
                   CVE-2011-4516 CVE-2011-3574 CVE-2011-3573
                   CVE-2011-3571 CVE-2011-3570 CVE-2011-3569
                   CVE-2011-3568 CVE-2011-3566 CVE-2011-3565
                   CVE-2011-3564 CVE-2011-3531 CVE-2011-3524
                   CVE-2011-3514 CVE-2011-3509 CVE-2011-3192
                   CVE-2011-2326 CVE-2011-2325 CVE-2011-2324
                   CVE-2011-2321 CVE-2011-2317 CVE-2011-2271
                   CVE-2011-2262
Member content until: Friday, February 17 2012
Reference:         ASB-2012.0007
                   ASB-2011.0091
                   ASB-2011.0080
                   ASB-2011.0076.2
OVERVIEW
Oracle have released updates which correct vulnerabilities in their
products. [1]
IMPACT
Specific impacts have not been published by Oracle at this time;
however, the following information regarding CVSS 2.0 scoring and
affected products is available from the Oracle site [1].
Oracle states, "Due to the threat posed by a successful attack, Oracle strongly
recommends that customers apply CPU fixes as soon as possible.
This Critical Patch Update contains 78 new security fixes across all
product families listed below." [1]
Oracle Database 11g Release 2, versions 11.2.0.2, 11.2.0.3
Oracle Database 11g Release 1, version 11.1.0.7
Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5
Oracle Database 10g Release 1, version 10.1.0.5
Oracle Fusion Middleware 11g Release 1, versions 11.1.1.3.0, 11.1.1.4.0, 11.1.1.5.0
Oracle Application Server 10g Release 3, version 10.1.3.5.0
Oracle Outside In Technology, versions 8.3.5, 8.3.7
Oracle WebLogic Server, versions 9.2.4, 10.0.2, 11gR1 (10.3.3, 10.3.4, 10.3.5)
Oracle E-Business Suite Release 12, versions 12.1.2, 12.1.3
Oracle E-Business Suite Release 11i, version 11.5.10.2
Oracle Transportation Management, versions 5.5, 6.0, 6.1, 6.2
Oracle PeopleSoft Enterprise CRM, version 8.9
Oracle PeopleSoft Enterprise HCM, versions 8.9, 9.0, 9.1
Oracle PeopleSoft Enterprise PeopleTools, version 8.52
Oracle JDEdwards, version 8.98
Oracle Sun Product Suite
Oracle VM VirtualBox, version 4.1
Oracle Virtual Desktop Infrastructure, version 3.2
Oracle MySQL Server, versions 5.0, 5.1, 5.5
MITIGATION
Oracle states, "Due to the threat posed by a successful attack, Oracle strongly
recommends that customers apply CPU fixes as soon as possible."
Links to the appropriate patches are available at the Oracle
website. [1]
REFERENCES
[1] Oracle Critical Patch Update Advisory - January 2012
http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----