===========================================================================
AUSCERT Security Bulletin

ASB-2012.0009
Oracle has released 78 updates which correct vulnerabilities in their products
18 January 2012

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:
    Oracle Database 11g Release 2, versions 11.2.0.2, 11.2.0.3
    Oracle Database 11g Release 1, version 11.1.0.7
    Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5
    Oracle Database 10g Release 1, version 10.1.0.5
    Oracle Fusion Middleware 11g Release 1, versions 11.1.1.3.0, 11.1.1.4.0, 11.1.1.5.0
    Oracle Application Server 10g Release 3, version 10.1.3.5.0
    Oracle Outside In Technology, versions 8.3.5, 8.3.7
    Oracle WebLogic Server, versions 9.2.4, 10.0.2, 11gR1 (10.3.3, 10.3.4, 10.3.5)
    Oracle E-Business Suite Release 12, versions 12.1.2, 12.1.3
    Oracle E-Business Suite Release 11i, version 11.5.10.2
    Oracle Transportation Management, versions 5.5, 6.0, 6.1, 6.2
    Oracle PeopleSoft Enterprise CRM, version 8.9
    Oracle PeopleSoft Enterprise HCM, versions 8.9, 9.0, 9.1
    Oracle PeopleSoft Enterprise PeopleTools, version 8.52
    Oracle JDEdwards, version 8.98
    Oracle Sun Product Suite
    Oracle VM VirtualBox, version 4.1
    Oracle Virtual Desktop Infrastructure, version 3.2
    Oracle MySQL Server, versions 5.0, 5.1, 5.5

Operating System:
    UNIX variants (UNIX, Linux, OSX)
    Windows

Impact/Access:
    Reduced Security  -- Unknown/Unspecified
    Denial of Service -- Remote/Unauthenticated

Resolution:
    Patch/Upgrade

CVE Names:
    CVE-2012-0496 CVE-2012-0495 CVE-2012-0494 CVE-2012-0493
    CVE-2012-0492 CVE-2012-0491 CVE-2012-0490 CVE-2012-0489
    CVE-2012-0488 CVE-2012-0487 CVE-2012-0486 CVE-2012-0485
    CVE-2012-0484 CVE-2012-0120 CVE-2012-0119 CVE-2012-0118
    CVE-2012-0117 CVE-2012-0116 CVE-2012-0115 CVE-2012-0114
    CVE-2012-0113 CVE-2012-0112 CVE-2012-0111 CVE-2012-0110
    CVE-2012-0109 CVE-2012-0105 CVE-2012-0104 CVE-2012-0103
    CVE-2012-0102 CVE-2012-0101 CVE-2012-0100 CVE-2012-0099
    CVE-2012-0098 CVE-2012-0097 CVE-2012-0096 CVE-2012-0094
    CVE-2012-0091 CVE-2012-0089 CVE-2012-0088 CVE-2012-0087
    CVE-2012-0085 CVE-2012-0084 CVE-2012-0083 CVE-2012-0081
    CVE-2012-0080 CVE-2012-0079 CVE-2012-0078 CVE-2012-0077
    CVE-2012-0076 CVE-2012-0075 CVE-2012-0074 CVE-2012-0073
    CVE-2011-5035 CVE-2011-4517 CVE-2011-4516 CVE-2011-3574
    CVE-2011-3573 CVE-2011-3571 CVE-2011-3570 CVE-2011-3569
    CVE-2011-3568 CVE-2011-3566 CVE-2011-3565 CVE-2011-3564
    CVE-2011-3531 CVE-2011-3524 CVE-2011-3514 CVE-2011-3509
    CVE-2011-3192 CVE-2011-2326 CVE-2011-2325 CVE-2011-2324
    CVE-2011-2321 CVE-2011-2317 CVE-2011-2271 CVE-2011-2262

Member content until:
    Friday, February 17 2012

Reference:
    ASB-2012.0007
    ASB-2011.0091
    ASB-2011.0080
    ASB-2011.0076.2

OVERVIEW

    Oracle have released updates which correct vulnerabilities in their
    products. [1]

IMPACT

    Specific impacts have not been published by Oracle at this time
    however the following information regarding CVSS 2.0 scoring and
    affected products is available from the Oracle site [1].

    Oracle states, "Due to the threat posed by a successful attack,
    Oracle strongly recommends that customers apply CPU fixes as soon as
    possible. This Critical Patch Update contains 78 new security fixes
    across all product families listed below." [1]

    Oracle Database 11g Release 2, versions 11.2.0.2, 11.2.0.3
    Oracle Database 11g Release 1, version 11.1.0.7
    Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5
    Oracle Database 10g Release 1, version 10.1.0.5
    Oracle Fusion Middleware 11g Release 1, versions 11.1.1.3.0, 11.1.1.4.0, 11.1.1.5.0
    Oracle Application Server 10g Release 3, version 10.1.3.5.0
    Oracle Outside In Technology, versions 8.3.5, 8.3.7
    Oracle WebLogic Server, versions 9.2.4, 10.0.2, 11gR1 (10.3.3, 10.3.4, 10.3.5)
    Oracle E-Business Suite Release 12, versions 12.1.2, 12.1.3
    Oracle E-Business Suite Release 11i, version 11.5.10.2
    Oracle Transportation Management, versions 5.5, 6.0, 6.1, 6.2
    Oracle PeopleSoft Enterprise CRM, version 8.9
    Oracle PeopleSoft Enterprise HCM, versions 8.9, 9.0, 9.1
    Oracle PeopleSoft Enterprise PeopleTools, version 8.52
    Oracle JDEdwards, version 8.98
    Oracle Sun Product Suite
    Oracle VM VirtualBox, version 4.1
    Oracle Virtual Desktop Infrastructure, version 3.2
    Oracle MySQL Server, versions 5.0, 5.1, 5.5

MITIGATION

    Oracle states, "Due to the threat posed by a successful attack,
    Oracle strongly recommends that customers apply CPU fixes as soon as
    possible."

    Links to the appropriate patches are available at the Oracle
    website. [1]

REFERENCES

    [1] Oracle Critical Patch Update Advisory - January 2012
        http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================