Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT Security Bulletin ASB-2011.0091 Oracle has released updates which correct vulnerabilities in their products 19 October 2011 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Oracle Database 11g Oracle Database 10g Oracle Fusion Middleware 11g Oracle Application Server 10g Oracle Business Intelligence Enterprise Edition Oracle Identity Management 10g Oracle Outside In Technology Oracle WebLogic Portal Oracle WebLogic Server Oracle E-Business Suite Release 12 Oracle E-Business Suite Release 11i Oracle Agile Product Supplier Collaboration for Process Oracle PeopleSoft Enterprise HRMS Oracle PeopleSoft Enterprise PeopleTools Oracle Siebel CRM Core and Apps Oracle Clinical, Remote Data Capture Oracle Thesaurus Management System Oracle Sun Product Suite Oracle Linux 5 Oracle Sun Ray Operating System: Windows UNIX variants (UNIX, Linux, OSX) Impact/Access: Reduced Security -- Unknown/Unspecified Resolution: Patch/Upgrade CVE Names: CVE-2011-3559 CVE-2011-3543 CVE-2011-3542 CVE-2011-3541 CVE-2011-3539 CVE-2011-3538 CVE-2011-3537 CVE-2011-3536 CVE-2011-3535 CVE-2011-3534 CVE-2011-3533 CVE-2011-3532 CVE-2011-3530 CVE-2011-3529 CVE-2011-3528 CVE-2011-3527 CVE-2011-3526 CVE-2011-3525 CVE-2011-3523 CVE-2011-3522 CVE-2011-3520 CVE-2011-3519 CVE-2011-3518 CVE-2011-3517 CVE-2011-3515 CVE-2011-3513 CVE-2011-3512 CVE-2011-3511 CVE-2011-3510 CVE-2011-3508 CVE-2011-3507 CVE-2011-3506 CVE-2011-3192 CVE-2011-2327 CVE-2011-2323 CVE-2011-2322 CVE-2011-2320 CVE-2011-2319 CVE-2011-2318 CVE-2011-2316 CVE-2011-2315 CVE-2011-2314 CVE-2011-2313 CVE-2011-2312 CVE-2011-2311 CVE-2011-2310 CVE-2011-2309 CVE-2011-2308 CVE-2011-2306 CVE-2011-2304 CVE-2011-2303 CVE-2011-2302 CVE-2011-2301 CVE-2011-2292 CVE-2011-2286 CVE-2011-2255 CVE-2011-2237 Member content until: Friday, November 18 2011 Reference: ASB-2011.0080 ASB-2011.0076.2 OVERVIEW Oracle has released updates which correct vulnerabilities in their products. [1] IMPACT Specific impacts have not been published by Oracle at this time however the following information regarding CVSS 2.0 scoring and affected products is available from the Oracle site [1]. Oracle states, "this Critical Patch Update contains 57 new security fixes across all product families listed below." [1] The following products are affected: Oracle Database 11g Release 2, version 11.2.0.2 Oracle Database 11g Release 1, version 11.1.0.7 Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5 Oracle Database 10g Release 1, version 10.1.0.5 Oracle Fusion Middleware 11g Release 1, versions 11.1.1.3.0, 11.1.1.4.0, 11.1.1.5.0 Oracle Application Server 10g Release 3, version 10.1.3.5.0 Oracle Application Server 10g Release 2, version 10.1.2.3.0 Oracle Business Intelligence Enterprise Edition, versions 11.1.1.3, 11.1.1.5 Oracle Identity Management 10g, versions 10.1.4.0.1, 10.1.4.3 Oracle Outside In Technology, versions 8.3.5, 8.3.7 Oracle WebLogic Portal, versions 9.2.3.0, 10.0.1.0, 10.2.1.0, 10.3.2.0 Oracle WebLogic Server, versions 9.2.4, 10.0.2, 11gR1 (10.3.3, 10.3.4, 10.3.5) Oracle E-Business Suite Release 12, versions 12.0.6, 12.1.2, 12.1.3 Oracle E-Business Suite Release 11i, version 11.5.10.2 Oracle Agile Product Supplier Collaboration for Process, versions 5.2.2, 6.0.0.2, 6.0.0.3, 6.0.0.4 Oracle PeopleSoft Enterprise HRMS, versions 8.9, 9.0, 9.1 Oracle PeopleSoft Enterprise PeopleTools, versions 8.49, 8.50, 8.51 Oracle Siebel CRM Core and Apps, versions 8.0.0, 8.1.1 Oracle Clinical, Remote Data Capture, versions 4.6, 4.6.2 Oracle Thesaurus Management System, versions 4.6.1, 4.6.2 Oracle Sun Product Suite Oracle Linux 5 Oracle Sun Ray MITIGATION Links to the appropriate patches are available at the Oracle website. [1] REFERENCES [1] Oracle Critical Patch Update Advisory - October 2011 http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBTp438u4yVqjM2NGpAQL/YQ//QmjBZONsAC/xedIyZHvZgf5bK+11Afnz OSlGnWFP7BQxr5TaVhvvwf34klxKve+M6EnqbXMSw/xLWfTTMB6yj1bav8Mq5qCN 2TBR9L5MsmcCuW2HnQoTfqS7RbZZW4yRMH9abIoFu3xNuDv6NQPdre/nBRjQaLxH jcvejw6nMUiLy7xQQQKITpggWF1OI+4qdK+IPQUfcmiory4OSfcv52xT3IZhUIkW 4plKRIFoJpcjreJzfcNffJRSZzlG/GgCm/qf9d45WQjOHTcwc9ygGWIZu/UkAILJ RHofkxO/7YoSq4U4NKAZDaQ8s9Qt64nR7YI815QD4BvoGtsJLCCskrnt6vFRbQNp JePL2biggOcTa6+A/DkvIM438zOquv7bcEH4Umdf01tsbsupVJXiyZ1MK9LWm8ob rV5N/wM0k0Shu4nWRrNCjSEEBOHutSSRWkfNTEqo1kDkKr+lPGJD2sMnAj18NpIG suMzMx7QshLLyZg3lBx6afe4A7sMthWYgv+pdh9dHtvLMlTIyCSgwPODOtuptIf1 LWDdFPsQk8ZSeBUdN4QfeyRvsCei7trsgdiHxIzWcstDxQNU1WOEI/XS0Jh9xCUa xMATJP3hhxLLy76MB8vEjiqPFcAg1kBTgVE48YfIPhZQkaSc+jbWleAfS+duxFU/ zW4q5h4LIak= =C1ke -----END PGP SIGNATURE-----