[SECURITY-L] CAIS-Alerta: Multiple Vulnerabilities in Oracle Products - July
CSIRT - UNICAMP
security at unicamp.br
Wed Jul 19 14:47:56 -03 2006
--------------------------- Original Message ----------------------------
Subject: CAIS-Alerta: Multiple Vulnerabilities in Oracle Products - July
From: "Centro de Atendimento a Incidentes de Seguranca" <cais at cais.rnp.br>
Date: Wed, July 19, 2006 11:13 am
To: rnp-alerta at cais.rnp.br
rnp-seg at cais.rnp.br
--------------------------------------------------------------------------
Dear all,
CAIS is forwarding the Oracle alert titled "Oracle Critical
Patch Update - July 2006", which covers a series of fixes for
multiple vulnerabilities in several Oracle products.
In total, 65 vulnerabilities are covered by these fixes; they range
from limited impact to high impact and allow the injection of arbitrary
SQL code into the affected systems.
Affected systems:
. Oracle Database 10g Release 2, versions 10.2.0.1, 10.2.0.2
. Oracle Database 10g Release 1, versions 10.1.0.4, 10.1.0.5
. Oracle9i Database Release 2, versions 9.2.0.6, 9.2.0.7
. Oracle8i Database Release 3, version 8.1.7.4
. Oracle Enterprise Manager 10g Grid Control, version 10.2.0.1
. Oracle Application Server 10g Release 3, versions 10.1.3.0.0
. Oracle Application Server 10g Release 2, versions 10.1.2.0.0 -
10.1.2.0.2, 10.1.2.1.0
. Oracle Application Server 10g Release 1 (9.0.4), versions 9.0.4.2, 9.0.4.3
. Oracle Collaboration Suite 10g Release 1, version 10.1.2.0
. Oracle9i Collaboration Suite Release 2, version 9.0.4.2
. Oracle E-Business Suite Release 11i, versions 11.5.7 - 11.5.10 CU2
. Oracle E-Business Suite Release 11.0
. Oracle Pharmaceutical Applications versions 4.5.0 - 4.5.2
. Oracle PeopleSoft Enterprise Portal Solutions, Enterprise Portal,
versions 8.4, 8.8, 8.9
. Oracle PeopleSoft Enterprise Portal Solutions, Enterprise Portal with
Enforcer Portal Pack, version 8.8
. JD Edwards EnterpriseOne Tools, OneWorld Tools, versions 8.95, 8.96
. Oracle Database 10g Release 1, version 10.1.0.4.2
. Oracle Application Server Portal, versions 10.1.4.0.0
. Oracle Developer Suite, versions 6i, 9.0.4.2
. Oracle Workflow, versions 11.5.1 through 11.5.9.5
. Oracle9i Database Release 1, versions 9.0.1.4
. Oracle9i Database Release 1, versions 9.0.1.5, 9.0.1.5 FIPS
. Oracle8 Database Release 8.0.6, version 8.0.6.3
. Oracle9i Application Server Release 2, versions 9.0.2.3, 9.0.3.1
. Oracle9i Application Server Release 1, version 1.0.2.2
. Oracle Database 10g Release 1, version 10.1.0.3
. Oracle9i Database Release 2, version 9.2.0.5
. Oracle Application Server 10g Release 1 (9.0.4), version 9.0.4.1
Available fixes:
The fixes for the Oracle products are available, with a username and
password, at the addresses given below:
. Oracle Database
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=372930.1#DBAVAIL
. Oracle Application Server
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=372930.1#ASMIDTIER
. Oracle Collaboration Suite
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=372930.1#OCSAVAIL
. Oracle E-Business Suite and Application
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=372931.1
. Oracle Pharmaceutical Applications
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=374060.1
. Oracle Enterprise Manager
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=372930.1#OEMAVAIL
. Oracle PeopleSoft Enterprise and JD Edwards Enterprise
http://www.peoplesoft.com/corp/en/support/security_index.jsp
More information:
. Oracle Critical Patch Update - July 2006
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2006.html
. Oracle Products Multiple Vulnerabilities
http://secunia.com/advisories/21111/
CVE identifier (http://cve.mitre.org):
CVE-2006-3698, CVE-2006-3699, CVE-2006-3700, CVE-2006-3701, CVE-2006-3702,
CVE-2006-3703, CVE-2006-3704, CVE-2006-3705, CVE-2006-3706, CVE-2006-3707,
CVE-2006-3708, CVE-2006-3709, CVE-2006-3710, CVE-2006-3711, CVE-2006-3712,
CVE-2006-3713, CVE-2006-3714, CVE-2006-3715, CVE-2006-3716, CVE-2006-3717,
CVE-2006-3718, CVE-2006-3719, CVE-2006-3720, CVE-2006-3721, CVE-2006-3722,
CVE-2006-3723, CVE-2006-3724
CAIS recommends that administrators keep their systems and
applications always up to date, in accordance with the latest versions and
fixes provided by the vendors.
CAIS alerts are also offered in RSS/RDF format:
http://www.rnp.br/cais/alertas/rss.xml
Sincerely,
################################################################
# CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) #
# Rede Nacional de Ensino e Pesquisa (RNP) #
# #
# cais at cais.rnp.br http://www.cais.rnp.br #
# Tel. 019-37873300 Fax. 019-37873301 #
# PGP key available at http://www.rnp.br/cais/cais-pgp.key #
################################################################
----- End forwarded message -----