===========================================================================
AUSCERT Security Bulletin

ASB-2013.0086
Oracle has released updates which correct vulnerabilities in numerous products
18 July 2013

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              Oracle Database Server
                      Oracle Fusion Middleware
                      Oracle Hyperion
                      Oracle Enterprise Manager Grid Control
                      Oracle E-Business Suite
                      Oracle Supply Chain Products Suite
                      Oracle PeopleSoft Products
                      Oracle iLearning
                      Oracle Industry Applications
                      Oracle and Sun Systems Products Suite
                      Oracle Virtualization
                      Oracle MySQL
Operating System:     UNIX variants (UNIX, Linux, OSX)
                      Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                      Modify Arbitrary Files          -- Remote/Unauthenticated
                      Delete Arbitrary Files          -- Remote/Unauthenticated
                      Denial of Service               -- Remote/Unauthenticated
                      Access Confidential Data        -- Remote/Unauthenticated
                      Increased Privileges            -- Existing Account
Resolution:           Patch/Upgrade
CVE Names:            CVE-2013-3825 CVE-2013-3824 CVE-2013-3823
                      CVE-2013-3822 CVE-2013-3821 CVE-2013-3820
                      CVE-2013-3819 CVE-2013-3818 CVE-2013-3816
                      CVE-2013-3813 CVE-2013-3812 CVE-2013-3811
                      CVE-2013-3810 CVE-2013-3809 CVE-2013-3808
                      CVE-2013-3807 CVE-2013-3806 CVE-2013-3805
                      CVE-2013-3804 CVE-2013-3803 CVE-2013-3802
                      CVE-2013-3801 CVE-2013-3800 CVE-2013-3799
                      CVE-2013-3798 CVE-2013-3797 CVE-2013-3796
                      CVE-2013-3795 CVE-2013-3794 CVE-2013-3793
                      CVE-2013-3791 CVE-2013-3790 CVE-2013-3789
                      CVE-2013-3788 CVE-2013-3787 CVE-2013-3786
                      CVE-2013-3784 CVE-2013-3783 CVE-2013-3782
                      CVE-2013-3781 CVE-2013-3780 CVE-2013-3779
                      CVE-2013-3778 CVE-2013-3777 CVE-2013-3776
                      CVE-2013-3775 CVE-2013-3774 CVE-2013-3773
                      CVE-2013-3772 CVE-2013-3771 CVE-2013-3770
                      CVE-2013-3769 CVE-2013-3768 CVE-2013-3767
                      CVE-2013-3765 CVE-2013-3764 CVE-2013-3763
                      CVE-2013-3761 CVE-2013-3760 CVE-2013-3759
                      CVE-2013-3758 CVE-2013-3757 CVE-2013-3756
                      CVE-2013-3755 CVE-2013-3754 CVE-2013-3753
                      CVE-2013-3752 CVE-2013-3751 CVE-2013-3750
                      CVE-2013-3749 CVE-2013-3748 CVE-2013-3747
                      CVE-2013-3746 CVE-2013-3745 CVE-2013-2461
                      CVE-2013-1861 CVE-2013-0398 CVE-2012-2687
                      CVE-2011-3348 CVE-2011-0419 CVE-2010-2068
                      CVE-2010-0434 CVE-2010-0425 CVE-2008-2364
                      CVE-2007-6388 CVE-2007-5000 CVE-2007-3847
                      CVE-2006-5752 CVE-2005-3352
Member content until: Saturday, August 17 2013
Reference:            ASB-2013.0075 ASB-2013.0057 ESB-2013.0976
                      ESB-2013.0923 ESB-2013.0874 ESB-2013.0873
                      ASB-2012.0103 ESB-2012.0991 ESB-2012.0799
                      ESB-2011.1104 ESB-2011.0668 ESB-2011.0552
                      ESB-2011.0523 ESB-2011.0314 ASB-2010.0122
                      ASB-2010.0087 ESB-2010.0531 ESB-2009.1211
                      ESB-2009.0317 ESB-2008.0074 AA-2007.0078
                      ESB-2007.0468 ESB-2006.0430 ESB-2006.0006
                      ASB-2011.0076.2 ASB-2010.0181.2 ESB-2010.1039.2
                      ESB-2010.0871.2 ESB-2010.0842.2

OVERVIEW

        Oracle has released updates which correct vulnerabilities in
        numerous products. [1]

        Oracle states, "This Critical Patch Update contains 89 new security
        fixes across the product families listed below." [1]

          Oracle Database 11g Release 2, versions 11.2.0.2, 11.2.0.3
          Oracle Database 11g Release 1, version 11.1.0.7
          Oracle Database 10g Release 2, versions 10.2.0.4, 10.2.0.5
          Oracle Access Manager, versions 11.1.1.5.0, 11.1.1.7.0, 11.1.2.0.0
          Oracle Endeca Server, versions 7.4.0, 7.5.1.1
          Oracle HTTP Server, versions 10.1.3.5.0
          Oracle JRockit, versions R27.7.5 and earlier, R28.2.7 and earlier
          Oracle Outside In Technology, versions 8.3.7, 8.4.0, 8.4.1
          Oracle WebCenter Content, versions 10.1.3.5.1, 11.1.1.6.0, 11.1.1.7.0
          Oracle Hyperion BI, versions 11.1.1.3, 11.1.1.4.107 and earlier,
            11.1.2.1.129 and earlier, 11.1.2.2.305 and earlier
          Enterprise Manager Plugin for Database 12c Release 1, versions
            12.1.0.2, 12.1.0.3
          Enterprise Manager Grid Control 11g Release 1, version 11.1.0.1
          Enterprise Manager Grid Control 10g Release 1, version 10.2.0.5
          Oracle E-Business Suite Release 12i, versions 12.0.6, 12.1.1,
            12.1.2, 12.1.3
          Oracle E-Business Suite Release 11i, version 11.5.10.2
          Oracle Agile Collaboration Framework, version 9.3.1
          Oracle Agile PLM Framework, version 9.3.1
          Oracle Agile Product Framework, version 9.3.1
          Oracle PeopleSoft Enterprise Portal, version 9.1
          Oracle PeopleSoft HRMS, version 9.1
          Oracle PeopleSoft PeopleTools, versions 8.51, 8.52, 8.53
          Oracle iLearning, versions 5.2.1, 6.0
          Oracle Policy Automation, versions 10.2.0, 10.3.0, 10.3.1, 10.4.0,
            10.4.1, 10.4.2
          Oracle and Sun Systems Product Suite
          Oracle Secure Global Desktop, versions 4.6 prior to 4.63, 4.7
            prior to 4.71
          Oracle MySQL Server, versions 5.1, 5.5, 5.6

IMPACT

        Limited impact details have been published by Oracle in their Text
        Form Risk Matrices. [2]

MITIGATION

        Oracle states, "Due to the threat posed by a successful attack,
        Oracle strongly recommends that customers apply CPU fixes as soon
        as possible." [1]

        Links to the appropriate patches are available at the Oracle
        site. [1]

REFERENCES

        [1] Oracle Critical Patch Update Advisory - July 2013
            http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html

        [2] Text Form of Oracle Critical Patch Update - July 2013 Risk
            Matrices
            http://www.oracle.com/technetwork/topics/security/cpujuly2013verbose-1899830.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================