FYI...

- http://isc.sans.org/diary.html?storyid=3164
Last Updated: 2007-07-18 05:57:36 UTC - "Oracle released its quarterly Critical Patch Update today. This quarterly update contains 45 new security fixes that range across many of their products. The ISC strongly recommends that these updates be applied in a timely manner as the risks posed by attackers compromising sensitive data contained in your database products. For more information on the products and versions affected, please see the Oracle Critical Patch Update* website."

* http://www.oracle.com/technology/deploy/se...cpujul2007.html

> http://blogs.oracle.com/security/2007/07/17#a62

.

This post has been edited by AplusWebMaster: Jul 18 2007, 06:35 AM

FYI...

Oracle Critical Patch Update - October 2007
- http://www.oracle.com/technology/deploy/se...cpuoct2007.html
October 16, 2007
"...This Critical Patch Update contains 51 security fixes across the hundreds of Oracle products. Some of the vulnerabilities addressed in this Critical Patch Update affect multiple products..."


.

FYI...

> http://sentrigo.com/press_releases-newsid-39.htm
January 14, 2008 - "...Results highlight that most organizations are not taking advantage of Oracle CPUs in a timely manner, if at all. Findings include:
* When asked: “Have you installed the latest Oracle CPU?” – Just 31 people, or ten percent of the 305 respondents, reported that they applied the most recently issued Oracle CPU.
* When asked: “Have you ever installed an Oracle CPU?” – 206 out of 305 OUG attendees surveyed, or 67.5 percent of the respondents said they had never applied any Oracle CPU..."

Oracle Critical Patch Update - January 2008
- http://www.oracle.com/technology/deploy/se...cpujan2008.html
January 15, 2008 - "...This Critical Patch Update contains 27 security fixes across hundreds of Oracle products. Some of the vulnerabilities addressed in this Critical Patch Update affect multiple products..."

FYI...

Oracle Critical Patch Update - April 2008
- http://www.oracle.com/technology/deploy/se...cpuapr2008.html
April 15, 2008 - "...This Critical Patch Update contains 41 security fixes across hundreds of Oracle products. Some of the vulnerabilities addressed in this Critical Patch Update affect multiple products..."

Downloads
- http://www.oracle.com/technology/software/index.html

- http://secunia.com/advisories/29829/
Last Update: 2008-04-17
Critical: Highly critical
Impact: Unknown, Security Bypass, Manipulation of data, DoS, System access
Where: From remote
Solution Status: Vendor Patch...



This post has been edited by AplusWebMaster: Apr 17 2008, 10:33 AM

FYI...

Oracle Critical Patch Update Advisory - July 2008
- http://www.oracle.com/technology/deploy/se...cpujul2008.html
2008-JUL-15 - Initial release
"...Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply fixes as soon as possible..."

- http://isc.sans.org/diary.html?storyid=4732
Last Updated: 2008-07-15 20:45:56 UTC ...(Version: 2) - "...first time patches for BEA, Hyperion and TimesTen technology are included in the release. If you are running software from these recently-acquired vendors, please be aware..."

- http://www.us-cert.gov/current/#oracle_rel...l_patch_update3
July 15, 2008 - "Oracle has released their Critical Patch Update for July 2008 to address 45 vulnerabilities across several products. This update contains the following security fixes:
* 11 updates for Oracle Database
* 3 updates for Times Ten In-Memory Database
* 9 updates for Oracle Application Server
* 6 updates for Oracle E-Business Suite and Applications
* 2 updates for Oracle Enterprise Manager
* 7 updates for Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne
* 7 updates for BEA Product Suite ..."

//

This post has been edited by AplusWebMaster: Jul 16 2008, 01:46 AM

FYI...

Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3257
Last revised: 7/24/2008
CVSS v2 Base score: 10.0 (High)

- http://www.oracle.com/technology/deploy/se...e2008-3257.html
28-July-2008 - Initial release - "...Until fixes are available, workarounds described at:
- https://support.bea.com/application_content...ories/2793.html
provide protection against this vulnerability..."

> http://xforce.iss.net/xforce/xfdb/43885

- http://www.kb.cert.org/vuls/id/716387
Last Updated: 07/29/2008

//

This post has been edited by AplusWebMaster: Jul 30 2008, 09:04 AM

FYI...

- http://preview.tinyurl.com/5s9chv
August 06, 2008

SECURITY ADVISORY (CVE-2008-3257) version .01 ...
Patch available for security vulnerability in WebLogic plug-in for Apache
Product(s) Affected: WebLogic Server and WebLogic Express

- https://support.bea.com/application_content...ories/2793.html
"...IV. SUGGESTED ACTION
Oracle strongly recommends the following course of action:
WebLogic Server plug-ins for Apache web server:
1. Download the latest web server plug-in...
(FTP location for plugin located at the support.bea.com URL above.)
2. Save a copy of your old plug-in and install the appropriate plug-in on your Web Server.
3. Restart your Web Server
Note: The WebLogic plug-in is compatible with all versions of WebLogic Server.
Note: WebLogic Server 10.3 includes this fix..."

- http://www.us-cert.gov/current/#oracle_rel...ch_for_weblogic
August 6, 2008

//

This post has been edited by AplusWebMaster: Aug 7 2008, 01:01 AM

FYI...

Oracle Critical Patch Update Advisory - October 2008
- http://www.oracle.com/technology/deploy/se...cpuoct2008.html
Oct. 14, 2008 - "...Please refer to Critical Patch Updates* and Security Alerts for information about Oracle Security Advisories. Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply fixes as soon as possible. This Critical Patch Update contains 36 new security fixes across all products..."
* http://www.oracle.com/technology/deploy/security/alerts.htm

- http://secunia.com/advisories/32291/
Release Date: 2008-10-15
Critical: Moderately critical


This post has been edited by AplusWebMaster: Oct 16 2008, 07:16 AM

FYI...

Oracle Critical Patch Update Advisory - January 2009
- http://www.oracle.com/technology/deploy/se...cpujan2009.html
13 January 2009 - "...Critical Patch Updates are cumulative, except as noted below, but each advisory describes only the security fixes added since the previous Critical Patch Update. Thus, prior Critical Patch Update Advisories should be reviewed for information regarding earlier accumulated security fixes...
Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply fixes as soon as possible. This Critical Patch Update contains 41 new security fixes across all products..."

- http://www.oracle.com/technology/deploy/se...calPatchUpdates
13 January 2009

- http://isc.sans.org/diary.html?storyid=5692

- http://secunia.com/advisories/33525/
- http://secunia.com/advisories/33526/
- http://secunia.com/advisories/33535/



This post has been edited by AplusWebMaster: Jan 14 2009, 06:52 AM

FYI...

Oracle Critical Patch Update Advisory - April 2009
- http://www.oracle.com/technology/deploy/se...cpuapr2009.html
2009-Apr-14 - "... Critical Patch Update Advisories should be reviewed for information regarding earlier accumulated security fixes. Please refer to Critical Patch Updates and Security Alerts* for information about Oracle Security Advisories. Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply fixes as soon as possible. This Critical Patch Update contains 43 new security fixes across all products..."
* http://www.oracle.com/technology/deploy/se...calPatchUpdates

- http://secunia.com/advisories/34693/2/
Release Date: 2009-04-15
Critical: Highly critical
Impact: Unknown, Manipulation of data, System access
Where: From remote
Solution Status: Vendor Patch...
- http://secunia.com/advisories/34693/3/
(CVE reference links)

- http://secunia.com/advisories/34730/2/
Release Date: 2009-04-15
Critical: Moderately critical
Impact: Privilege escalation
Where: From remote
Solution Status: Vendor Patch
Software: BEA WebLogic Portal 8.x ...
Original Advisory: Oracle:
http://www.oracle.com/technology/deploy/se...urity/1001.html ...



This post has been edited by AplusWebMaster: Apr 15 2009, 04:18 AM

FYI...

Oracle Critical Patch updates - July 2009
- http://www.oracle.com/technology/deploy/se...cpujul2009.html
2009-Jul-14 - "... Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply fixes as soon as possible. This Critical Patch Update contains 30 new security fixes across all products..."

- http://secunia.com/advisories/35776/2/
Release Date: 2009-07-15
Critical: Highly critical
Impact: Exposure of system information, Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch ...

FYI...

Oracle Critical Patch Update (CPU) - October 2009
- http://isc.sans.org/diary.html?storyid=7408
Last Updated: 2009-10-20 09:25:51 UTC - "Today, October 20, Oracle releases its quarterly CPU. There are lots of vulnerabilities DBAs must act upon ASAP. I specially want to point out that, although it "only" addresses 38 vulnerabilities...
• 16 fixes address flaws in the Oracle database (six can be exploited remotely without user interaction)
• 3 fixes address flaws in the Oracle Application Server (two can be exploited remotely without user interaction)
• 8 fixes address flaws in the Oracle Applications Suite (five can be exploited remotely without user interaction)

More information...:
http://www.oracle.com/technology/deploy/se...cpuoct2009.html "