-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2011.0091
Oracle has released updates which correct vulnerabilities in their products
                              19 October 2011

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Oracle Database 11g
                      Oracle Database 10g
                      Oracle Fusion Middleware 11g
                      Oracle Application Server 10g
                      Oracle Business Intelligence Enterprise Edition
                      Oracle Identity Management 10g
                      Oracle Outside In Technology
                      Oracle WebLogic Portal
                      Oracle WebLogic Server
                      Oracle E-Business Suite Release 12
                      Oracle E-Business Suite Release 11i
                      Oracle Agile Product Supplier Collaboration for Process
                      Oracle PeopleSoft Enterprise HRMS
                      Oracle PeopleSoft Enterprise PeopleTools
                      Oracle Siebel CRM Core and Apps
                      Oracle Clinical, Remote Data Capture
                      Oracle Thesaurus Management System
                      Oracle Sun Product Suite
                      Oracle Linux 5
                      Oracle Sun Ray
Operating System:     Windows
                      UNIX variants (UNIX, Linux, OSX)
Impact/Access:        Reduced Security -- Unknown/Unspecified
Resolution:           Patch/Upgrade
CVE Names:            CVE-2011-3559 CVE-2011-3543 CVE-2011-3542
                      CVE-2011-3541 CVE-2011-3539 CVE-2011-3538
                      CVE-2011-3537 CVE-2011-3536 CVE-2011-3535
                      CVE-2011-3534 CVE-2011-3533 CVE-2011-3532
                      CVE-2011-3530 CVE-2011-3529 CVE-2011-3528
                      CVE-2011-3527 CVE-2011-3526 CVE-2011-3525
                      CVE-2011-3523 CVE-2011-3522 CVE-2011-3520
                      CVE-2011-3519 CVE-2011-3518 CVE-2011-3517
                      CVE-2011-3515 CVE-2011-3513 CVE-2011-3512
                      CVE-2011-3511 CVE-2011-3510 CVE-2011-3508
                      CVE-2011-3507 CVE-2011-3506 CVE-2011-3192
                      CVE-2011-2327 CVE-2011-2323 CVE-2011-2322
                      CVE-2011-2320 CVE-2011-2319 CVE-2011-2318
                      CVE-2011-2316 CVE-2011-2315 CVE-2011-2314
                      CVE-2011-2313 CVE-2011-2312 CVE-2011-2311
                      CVE-2011-2310 CVE-2011-2309 CVE-2011-2308
                      CVE-2011-2306 CVE-2011-2304 CVE-2011-2303
                      CVE-2011-2302 CVE-2011-2301 CVE-2011-2292
                      CVE-2011-2286 CVE-2011-2255 CVE-2011-2237
Member content until: Friday, November 18 2011
Reference:            ASB-2011.0080
                      ASB-2011.0076.2

OVERVIEW

        Oracle has released updates which correct vulnerabilities in their
        products. [1]


IMPACT

        Specific impacts have not been published by Oracle at this time;
        however, the following information regarding CVSS 2.0 scoring and
        affected products is available from the Oracle site [1].
                        
        Oracle states, "this Critical Patch Update contains 57 new security 
        fixes across all product families listed below." [1]
        
        The following products are affected:
        
        Oracle Database 11g Release 2, version 11.2.0.2
        Oracle Database 11g Release 1, version 11.1.0.7
        Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5
        Oracle Database 10g Release 1, version 10.1.0.5
        Oracle Fusion Middleware 11g Release 1, versions 11.1.1.3.0, 
          11.1.1.4.0, 11.1.1.5.0
        Oracle Application Server 10g Release 3, version 10.1.3.5.0
        Oracle Application Server 10g Release 2, version 10.1.2.3.0
        Oracle Business Intelligence Enterprise Edition, versions 11.1.1.3, 
          11.1.1.5
        Oracle Identity Management 10g, versions 10.1.4.0.1, 10.1.4.3
        Oracle Outside In Technology, versions 8.3.5, 8.3.7
        Oracle WebLogic Portal, versions 9.2.3.0, 10.0.1.0, 10.2.1.0, 10.3.2.0
        Oracle WebLogic Server, versions 9.2.4, 10.0.2, 11gR1 (10.3.3, 10.3.4, 
          10.3.5)
        Oracle E-Business Suite Release 12, versions 12.0.6, 12.1.2, 12.1.3
        Oracle E-Business Suite Release 11i, version 11.5.10.2
        Oracle Agile Product Supplier Collaboration for Process, versions 
          5.2.2, 6.0.0.2, 6.0.0.3, 6.0.0.4
        Oracle PeopleSoft Enterprise HRMS, versions 8.9, 9.0, 9.1
        Oracle PeopleSoft Enterprise PeopleTools, versions 8.49, 8.50, 8.51
        Oracle Siebel CRM Core and Apps, versions 8.0.0, 8.1.1
        Oracle Clinical, Remote Data Capture, versions 4.6, 4.6.2
        Oracle Thesaurus Management System, versions 4.6.1, 4.6.2
        Oracle Sun Product Suite
        Oracle Linux 5
        Oracle Sun Ray


MITIGATION

        Links to the appropriate patches are available at the Oracle 
        website. [1]


REFERENCES

        [1] Oracle Critical Patch Update Advisory - October 2011
            http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----