Date: 22 October 2007
References: AL-2007.0117
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
AusCERT Update AU-2007.0023 - [Win][UNIX/Linux]
Oracle Critical Patch Update for October 2007
22 October 2007
AusCERT Update Summary
----------------------
Product: Oracle Database 10g
Oracle Database 9i
Oracle Application Server 10g
Oracle Collaboration Suite 10g
Oracle E-Business Suite Release 11i and 12
Oracle Enterprise Manager Database Control 10g
Oracle Enterprise Manager Grid Control 10g
Oracle PeopleSoft Enterprise PeopleTools
Oracle PeopleSoft Enterprise Human Capital Management
Operating System: UNIX variants (UNIX, Linux, OSX)
Windows
Impact: Execute Arbitrary Code/Commands
Denial of Service
Access: Remote/Unauthenticated
CVE Names: CVE-2007-5504 CVE-2007-5505 CVE-2007-5506
CVE-2007-5507 CVE-2007-5508 CVE-2007-5509
CVE-2007-5510 CVE-2007-5511 CVE-2007-5512
CVE-2007-5513 CVE-2007-5514 CVE-2007-5515
CVE-2007-5516 CVE-2007-5517 CVE-2007-5518
CVE-2007-5519 CVE-2007-5520 CVE-2007-5521
CVE-2007-5522 CVE-2007-5523 CVE-2007-5524
CVE-2007-5525 CVE-2007-5526 CVE-2007-5527
CVE-2007-5528 CVE-2007-5529 CVE-2007-5530
CVE-2007-5531 CVE-2007-5532 CVE-2007-5533
CVE-2007-5534
Member content until: Wednesday, November 14 2007
Ref: AL-2007.0117
Revision History: October 22 2007: Added CVEs
October 19 2007: Added CVEs
October 17 2007: Initial Release
Oracle have released the Oracle Critical Patch Update for October as per
yesterday's pre-release announcement (AUSCERT AL-2007.0117), the complete
information regarding this patch update is available from the Oracle web
site:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2007.html
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBRxvdmSh9+71yA2DNAQKezQP8CWhPXD/Omoe9HATOgvrQQN+kf+qvZxwy
B4nA7WygDI4Oo355sG4iWHooEij0wRzwo4DA6IJlIugSHu651G66vr0wOhYbp3aK
SE1i+rqouvNQKZHuVXgNC+rWjSpo1jRr5mtLyahZvKHSyAQZdu80CVftElozDgoO
tYWqCU/eq2U=
=6kAE
-----END PGP SIGNATURE-----
|