Monday, April 14, 2008

Oracle Warns of Critical DB Server Vulnerabilities

Database server giant Oracle plans to ship a major security update on Tuesday, April 15 to cover more than 40 vulnerabilities in a wide range of products.

The fixes are part of the company's quarterly CPU (critical patch update) and will cover severe vulnerabilities across hundreds of Oracle products.

According to Oracle's CPU Pre-Release Announcement this Critical Patch Update contains 17 new security fixes for the Oracle Database including 2 for Oracle Application Express. Two of these vulnerabilities may be remotely exploited without authentication (i.e. may be exploited over a network without the need for a username and password).

CPU contains 3 new fixes for Oracle Application Server too. Each of those vulnerabilities may be remotely exploited without authentication.

    Other security fixes included in April CPU:
  • 11 new security fixes for the Oracle E-Business Suite, seven of these vulnerabilities may be remotely exploited without authentication

  • One new security fix for the Oracle Enterprise Manager, this vulnerability may not be remotely exploited without authentication

  • Three new security fixes for Oracle PeopleSoft Enterprise products, none of these vulnerabilities may be remotely exploited without authentication

  • Six new security fixes for Oracle Siebel SimBuilder products, three of these vulnerabilities may be remotely exploited without authentication



    Products affected by security vulnerabilities addressed by April CPU:
  • Oracle Database 11g, version 11.1.0.6

  • Oracle Database 10g Release 2, versions 10.2.0.2, 10.2.0.3

  • Oracle Database 10g, version 10.1.0.5

  • Oracle Database 9i Release 2, versions 9.2.0.8, 9.2.0.8DV

  • Oracle Application Server 10g Release 3 (10.1.3), versions 10.1.3.1.0, 10.1.3.3.0

  • Oracle Application Server 10g Release 2 (10.1.2), versions 10.1.2.0.2, 10.1.2.1.0, 10.1.2.2.0

  • Oracle Application Server 10g (9.0.4), version 9.0.4.3

  • Oracle Collaboration Suite 10g, version 10.1.2

  • Oracle E-Business Suite Release 12, versions 12.0.0 - 12.0.4

  • Oracle E-Business Suite Release 11i, versions 11.5.9 - 11.5.10 CU2

  • Oracle PeopleSoft Enterprise PeopleTools versions 8.22.19, 8.48.16, 8.49.09

  • Oracle PeopleSoft Enterprise HCM versions 8.8 SP1, 8.9, 9.0

  • Oracle Siebel SimBuilder versions 7.8.2, 7.8.5
Posted by at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)