FYI...

- http://isc.sans.org/diary.html?storyid=3164
Last Updated: 2007-07-18 05:57:36 UTC - "Oracle released its quarterly Critical Patch Update today. This quarterly update contains 45 new security fixes that range across many of their products. The ISC strongly recommends that these updates be applied in a timely manner as the risks posed by attackers compromising sensitive data contained in your database products. For more information on the products and versions affected, please see the Oracle Critical Patch Update* website."

* http://www.oracle.com/technology/deploy/se...cpujul2007.html

> http://blogs.oracle.com/security/2007/07/17#a62

.

This post has been edited by AplusWebMaster: Jul 18 2007, 06:35 AM

FYI...

Oracle Critical Patch Update - October 2007
- http://www.oracle.com/technology/deploy/se...cpuoct2007.html
October 16, 2007
"...This Critical Patch Update contains 51 security fixes across the hundreds of Oracle products. Some of the vulnerabilities addressed in this Critical Patch Update affect multiple products..."


.

FYI...

> http://sentrigo.com/press_releases-newsid-39.htm
January 14, 2008 - "...Results highlight that most organizations are not taking advantage of Oracle CPUs in a timely manner, if at all. Findings include:
* When asked: “Have you installed the latest Oracle CPU?” – Just 31 people, or ten percent of the 305 respondents, reported that they applied the most recently issued Oracle CPU.
* When asked: “Have you ever installed an Oracle CPU?” – 206 out of 305 OUG attendees surveyed, or 67.5 percent of the respondents said they had never applied any Oracle CPU..."

Oracle Critical Patch Update - January 2008
- http://www.oracle.com/technology/deploy/se...cpujan2008.html
January 15, 2008 - "...This Critical Patch Update contains 27 security fixes across hundreds of Oracle products. Some of the vulnerabilities addressed in this Critical Patch Update affect multiple products..."

FYI...

Oracle Critical Patch Update - April 2008
- http://www.oracle.com/technology/deploy/se...cpuapr2008.html
April 15, 2008 - "...This Critical Patch Update contains 41 security fixes across hundreds of Oracle products. Some of the vulnerabilities addressed in this Critical Patch Update affect multiple products..."

Downloads
- http://www.oracle.com/technology/software/index.html

- http://secunia.com/advisories/29829/
Last Update: 2008-04-17
Critical: Highly critical
Impact: Unknown, Security Bypass, Manipulation of data, DoS, System access
Where: From remote
Solution Status: Vendor Patch...



This post has been edited by AplusWebMaster: Apr 17 2008, 10:33 AM

FYI...

Oracle Critical Patch Update Advisory - July 2008
- http://www.oracle.com/technology/deploy/se...cpujul2008.html
2008-JUL-15 - Initial release
"...Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply fixes as soon as possible..."

- http://isc.sans.org/diary.html?storyid=4732
Last Updated: 2008-07-15 20:45:56 UTC ...(Version: 2) - "...first time patches for BEA, Hyperion and TimesTen technology are included in the release. If you are running software from these recently-acquired vendors, please be aware..."

- http://www.us-cert.gov/current/#oracle_rel...l_patch_update3
July 15, 2008 - "Oracle has released their Critical Patch Update for July 2008 to address 45 vulnerabilities across several products. This update contains the following security fixes:
* 11 updates for Oracle Database
* 3 updates for Times Ten In-Memory Database
* 9 updates for Oracle Application Server
* 6 updates for Oracle E-Business Suite and Applications
* 2 updates for Oracle Enterprise Manager
* 7 updates for Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne
* 7 updates for BEA Product Suite ..."

//

This post has been edited by AplusWebMaster: Jul 16 2008, 01:46 AM

FYI...

Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3257
Last revised: 7/24/2008
CVSS v2 Base score: 10.0 (High)

- http://www.oracle.com/technology/deploy/se...e2008-3257.html
28-July-2008 - Initial release - "...Until fixes are available, workarounds described at:
- https://support.bea.com/application_content...ories/2793.html
provide protection against this vulnerability..."

> http://xforce.iss.net/xforce/xfdb/43885

- http://www.kb.cert.org/vuls/id/716387
Last Updated: 07/29/2008

//

This post has been edited by AplusWebMaster: Jul 30 2008, 09:04 AM

FYI...

- http://preview.tinyurl.com/5s9chv
August 06, 2008

SECURITY ADVISORY (CVE-2008-3257) version .01 ...
Patch available for security vulnerability in WebLogic plug-in for Apache
Product(s) Affected: WebLogic Server and WebLogic Express

- https://support.bea.com/application_content...ories/2793.html
"...IV. SUGGESTED ACTION
Oracle strongly recommends the following course of action:
WebLogic Server plug-ins for Apache web server:
1. Download the latest web server plug-in...
(FTP location for plugin located at the support.bea.com URL above.)
2. Save a copy of your old plug-in and install the appropriate plug-in on your Web Server.
3. Restart your Web Server
Note: The WebLogic plug-in is compatible with all versions of WebLogic Server.
Note: WebLogic Server 10.3 includes this fix..."

- http://www.us-cert.gov/current/#oracle_rel...ch_for_weblogic
August 6, 2008

//

This post has been edited by AplusWebMaster: Aug 7 2008, 01:01 AM