38 replies to this topic

[AplusWebMaster]

FYI...

- http://isc.sans.org/...ml?storyid=3164
Last Updated: 2007-07-18 05:57:36 UTC - "Oracle released its quarterly Critical Patch Update today. This quarterly update contains 45 new security fixes that range across many of their products. The ISC strongly recommends that these updates be applied in a timely manner as the risks posed by attackers compromising sensitive data contained in your database products. For more information on the products and versions affected, please see the Oracle Critical Patch Update* website."

* http://www.oracle.co...cpujul2007.html

> http://blogs.oracle..../2007/07/17#a62

.

Edited by AplusWebMaster, 06 February 2010 - 09:31 AM.

[AplusWebMaster]

FYI...

Oracle Critical Patch Update - October 2007
- http://www.oracle.co...cpuoct2007.html
October 16, 2007
"...This Critical Patch Update contains 51 security fixes across the hundreds of Oracle products. Some of the vulnerabilities addressed in this Critical Patch Update affect multiple products..."


.

[AplusWebMaster]

FYI...

> http://sentrigo.com/...s-newsid-39.htm
January 14, 2008 - "...Results highlight that most organizations are not taking advantage of Oracle CPUs in a timely manner, if at all. Findings include:
* When asked: “Have you installed the latest Oracle CPU?” – Just 31 people, or ten percent of the 305 respondents, reported that they applied the most recently issued Oracle CPU.
* When asked: “Have you ever installed an Oracle CPU?” – 206 out of 305 OUG attendees surveyed, or 67.5 percent of the respondents said they had never applied any Oracle CPU..."

Oracle Critical Patch Update - January 2008
- http://www.oracle.co...cpujan2008.html
January 15, 2008 - "...This Critical Patch Update contains 27 security fixes across hundreds of Oracle products. Some of the vulnerabilities addressed in this Critical Patch Update affect multiple products..."

[AplusWebMaster]

FYI...

Oracle Critical Patch Update - April 2008
- http://www.oracle.co...cpuapr2008.html
April 15, 2008 - "...This Critical Patch Update contains 41 security fixes across hundreds of Oracle products. Some of the vulnerabilities addressed in this Critical Patch Update affect multiple products..."

Downloads
- http://www.oracle.co...ware/index.html

- http://secunia.com/advisories/29829/
Last Update: 2008-04-17
Critical: Highly critical
Impact: Unknown, Security Bypass, Manipulation of data, DoS, System access
Where: From remote
Solution Status: Vendor Patch...

Edited by AplusWebMaster, 17 April 2008 - 10:33 AM.

[AplusWebMaster]

FYI...

Oracle Critical Patch Update Advisory - July 2008
- http://www.oracle.co...cpujul2008.html
2008-JUL-15 - Initial release
"...Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply fixes as soon as possible..."

- http://isc.sans.org/...ml?storyid=4732
Last Updated: 2008-07-15 20:45:56 UTC ...(Version: 2) - "...first time patches for BEA, Hyperion and TimesTen technology are included in the release. If you are running software from these recently-acquired vendors, please be aware..."

- http://www.us-cert.g...l_patch_update3
July 15, 2008 - "Oracle has released their Critical Patch Update for July 2008 to address 45 vulnerabilities across several products. This update contains the following security fixes:
* 11 updates for Oracle Database
* 3 updates for Times Ten In-Memory Database
* 9 updates for Oracle Application Server
* 6 updates for Oracle E-Business Suite and Applications
* 2 updates for Oracle Enterprise Manager
* 7 updates for Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne
* 7 updates for BEA Product Suite ..."

//

Edited by AplusWebMaster, 16 July 2008 - 01:46 AM.
Added US-CERT advisory info...

[AplusWebMaster]

FYI...

Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier
- http://nvd.nist.gov/...e=CVE-2008-3257
Last revised: 7/24/2008
CVSS v2 Base score: 10.0 (High)

- http://www.oracle.co...e2008-3257.html
28-July-2008 - Initial release - "...Until fixes are available, workarounds described at:
- https://support.bea....ories/2793.html
provide protection against this vulnerability..."

> http://xforce.iss.ne...orce/xfdb/43885

- http://www.kb.cert.org/vuls/id/716387
Last Updated: 07/29/2008

//

Edited by AplusWebMaster, 30 July 2008 - 09:04 AM.
Added US-CERT advisory...

[AplusWebMaster]

FYI...

- http://preview.tinyurl.com/5s9chv
August 06, 2008

SECURITY ADVISORY (CVE-2008-3257) version .01 ...
Patch available for security vulnerability in WebLogic plug-in for Apache
Product(s) Affected: WebLogic Server and WebLogic Express

- https://support.bea....ories/2793.html
"...IV. SUGGESTED ACTION
Oracle strongly recommends the following course of action:
WebLogic Server plug-ins for Apache web server:
1. Download the latest web server plug-in...
(FTP location for plugin located at the support.bea.com URL above.)
2. Save a copy of your old plug-in and install the appropriate plug-in on your Web Server.
3. Restart your Web Server
Note: The WebLogic plug-in is compatible with all versions of WebLogic Server.
Note: WebLogic Server 10.3 includes this fix..."

- http://www.us-cert.g...ch_for_weblogic
August 6, 2008

//

Edited by AplusWebMaster, 07 August 2008 - 01:01 AM.
Added US-CERT link...

[AplusWebMaster]

FYI...

Oracle Critical Patch Update Advisory - October 2008
- http://www.oracle.co...cpuoct2008.html
Oct. 14, 2008 - "...Please refer to Critical Patch Updates* and Security Alerts for information about Oracle Security Advisories. Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply fixes as soon as possible. This Critical Patch Update contains 36 new security fixes across all products..."
* http://www.oracle.co...rity/alerts.htm

- http://secunia.com/advisories/32291/
Release Date: 2008-10-15
Critical: Moderately critical

Edited by AplusWebMaster, 16 October 2008 - 07:16 AM.
Added Secunia advisory link...

[AplusWebMaster]

FYI...

Oracle Critical Patch Update Advisory - January 2009
- http://www.oracle.co...cpujan2009.html
13 January 2009 - "...Critical Patch Updates are cumulative, except as noted below, but each advisory describes only the security fixes added since the previous Critical Patch Update. Thus, prior Critical Patch Update Advisories should be reviewed for information regarding earlier accumulated security fixes...
Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply fixes as soon as possible. This Critical Patch Update contains 41 new security fixes across all products..."

- http://www.oracle.co...calPatchUpdates
13 January 2009

- http://isc.sans.org/...ml?storyid=5692

- http://secunia.com/advisories/33525/
- http://secunia.com/advisories/33526/
- http://secunia.com/advisories/33535/

Edited by AplusWebMaster, 14 January 2009 - 06:52 AM.

[AplusWebMaster]

FYI...

Oracle Critical Patch Update Advisory - April 2009
- http://www.oracle.co...cpuapr2009.html
2009-Apr-14 - "... Critical Patch Update Advisories should be reviewed for information regarding earlier accumulated security fixes. Please refer to Critical Patch Updates and Security Alerts* for information about Oracle Security Advisories. Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply fixes as soon as possible. This Critical Patch Update contains 43 new security fixes across all products..."
* http://www.oracle.co...calPatchUpdates

- http://secunia.com/advisories/34693/2/
Release Date: 2009-04-15
Critical: Highly critical
Impact: Unknown, Manipulation of data, System access
Where: From remote
Solution Status: Vendor Patch...
- http://secunia.com/advisories/34693/3/
(CVE reference links)

- http://secunia.com/advisories/34730/2/
Release Date: 2009-04-15
Critical: Moderately critical
Impact: Privilege escalation
Where: From remote
Solution Status: Vendor Patch
Software: BEA WebLogic Portal 8.x ...
Original Advisory: Oracle:
http://www.oracle.co...urity/1001.html ...

Edited by AplusWebMaster, 15 April 2009 - 04:18 AM.
Added Secunia advisory info...

[AplusWebMaster]

FYI...

Oracle Critical Patch updates - July 2009
- http://www.oracle.co...cpujul2009.html
2009-Jul-14 - "... Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply fixes as soon as possible. This Critical Patch Update contains 30 new security fixes across all products..."

- http://secunia.com/advisories/35776/2/
Release Date: 2009-07-15
Critical: Highly critical
Impact: Exposure of system information, Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch ...

[AplusWebMaster]

FYI...

Oracle Critical Patch Update (CPU) - October 2009
- http://isc.sans.org/...ml?storyid=7408
Last Updated: 2009-10-20 09:25:51 UTC - "Today, October 20, Oracle releases its quarterly CPU. There are lots of vulnerabilities DBAs must act upon ASAP. I specially want to point out that, although it "only" addresses 38 vulnerabilities...
• 16 fixes address flaws in the Oracle database (six can be exploited remotely without user interaction)
• 3 fixes address flaws in the Oracle Application Server (two can be exploited remotely without user interaction)
• 8 fixes address flaws in the Oracle Applications Suite (five can be exploited remotely without user interaction)

More information...:
http://www.oracle.co...cpuoct2009.html "

[AplusWebMaster]

FYI...

Oracle Critical Patch Update - January 2010
- http://www.oracle.co...cpujan2010.html
January 12, 2010 - "Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible. This Critical Patch Update contains 24 new security fixes across all products..."

(Detail available at the URL above.)

[AplusWebMaster]

FYI...

Oracle WebLogic Server Security Alert
- http://isc.sans.org/...ml?storyid=8173
Last Updated: 2010-02-06 01:17:54 UTC - "Oracle issued a Security Alert that address a vulnerability in the Node Manager component of Oracle WebLogic Server (CVE-2010-0073). According to Oracle, "This vulnerability may be remotely exploitable without authentication. A knowledgeable and malicious remote user can exploit this vulnerability which can result in impacting the availability, integrity and confidentiality of the targeted system." Oracle strongly recommends testing and apply this fix as soon as possible. Additional information is available here*.
The list of affected product:
Oracle WebLogic Server 11gR1 releases (10.3.1 and 10.3.2)
Oracle WebLogic Server 10gR3 release (10.3.0)
Oracle WebLogic Server 10.0 through MP2
Oracle WebLogic Server 9.0, 9.1, 9.2 through MP3
Oracle WebLogic Server 8.1 through SP6
Oracle WebLogic Server 7.0 through SP7
----------- "
* http://www.oracle.co...-2010-0073.html
04-February-2010

- http://www.us-cert.g...urity_alert_for
February 7, 2010

- http://secunia.com/advisories/38473/2/
Release Date: 2010-02-08
Critical: Moderately critical
Impact: System access
Where: From local network
Solution Status: Vendor Patch
Software: Oracle WebLogic Server 10.x, Oracle WebLogic Server 7.x, Oracle WebLogic Server 8.x, Oracle WebLogic Server 9.x ...
Solution: Apply the patches.
https://support.orac...mp;id=1058764.1
Original Advisory: http://www.oracle.co...-2010-0073.html

Edited by AplusWebMaster, 08 February 2010 - 08:39 AM.

[AplusWebMaster]

FYI...

Oracle Critical Patch Update Advisory - April 2010
- http://www.oracle.co...cpuapr2010.html
April 13, 2010 - "... For each administered Oracle product, consult the documentation for patch availability information and installation instructions referenced from the following table*. For an overview of the Oracle product documentation related to this Critical Patch Update, please refer to the Oracle Critical Patch Update April 2010 Documentation Map, My Oracle Support Note 981278.1**...
Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible..."
* http://www.oracle.co...pr2010.html#PIN

** http://support.oracl...amp;id=981278.1

- http://www.us-cert.g..._patch_update11
April 13, 2010 - "... This update contains the following security fixes:
• 7 for Oracle Database Server
• 5 for Oracle Fusion Middleware
• 1 for Oracle Collaboration Suite
• 8 for Oracle Application Suite
• 4 for PeopleSoft and JD Edwards Suite
• 6 for Oracle Industry Applications
• 16 for Oracle Solaris Products Suite ..."