Foresight?

If Tyranny and Oppression come to this land, it will be in the guise of fighting a foreign enemy
James Madison (American 4th US President (1809-17), and one of the founding fathers of his country. 1751-1836)

Tuesday, April 17, 2007

Don't forget...today is Oracle Patch day!

Today is patch Tuesday for Oracle admins and the like. Oracle will be releasing a critical Patch update today that will fix some 37 bugs in the following products:

* Oracle Database 10g Release 2, versions 10.2.0.2, 10.2.0.3
* Oracle Database 10g Release 1, versions 10.1.0.4, 10.1.0.5
* Oracle9i Database Release 2, versions 9.2.0.7, 9.2.0.8
* Oracle Secure Enterprise Search 10g Release 1, version 10.1.8
* Oracle Application Server 10g Release 3 (10.1.3), versions 10.1.3.0.0, 10.1.3.1.0, 10.1.3.2.0
* Oracle Application Server 10g Release 2 (10.1.2), versions 10.1.2.0.1 - 10.1.2.0.2, 10.1.2.1.0, 10.1.2.2.0
* Oracle Application Server 10g (9.0.4), version 9.0.4.3
* Oracle10g Collaboration Suite Release 1, version 10.1.2
* Oracle E-Business Suite Release 11i, versions 11.5.7 - 11.5.10 CU2
* Oracle E-Business Suite Release 12, version 12.0.0
* Oracle Enterprise Manager 9i Release 2, versions 9.2.0.7, 9.2.0.8
* Oracle Enterprise Manager 9i, version 9.0.1.5
* Oracle PeopleSoft Enterprise PeopleTools versions 8.22, 8.47, 8.48
* Oracle PeopleSoft Enterprise Human Capital Management version 8.9
* JD Edwards EnterpriseOne Tools version 8.96
* JD Edwards OneWorld Tools SP23
* Oracle9i Database Release 1, versions 9.0.1.5, 9.0.1.5 FIPS
* Oracle9i Database Release 2, versions 9.2.0.5
* Oracle Database 10g Release 2, version 10.2.0.1

The following are things that are fixed in the various components of the above products:

Oracle Database
* Advanced Queuing
* Advanced Replication
* Authentication
* Change Data Capture (CDC)
* Core RDBMS
* Oracle Agent
* Oracle Instant Client
* Oracle Streams
* Oracle Text
* Oracle Workflow Cartridge
* Rules Manager, Expression Filter
* Ultra Search
* Upgrade/Downgrade

Oracle Application Server
* Oracle COREid Access
* Oracle Discoverer
* Oracle Portal
* Oracle Wireless
* Oracle Workflow Cartridge
* Oracle WebCenter Suite - Secure Enterprise Search

Oracle Collaboration Suite
* Oracle Workflow Cartridge fix
* 1 new Specific fix for OCS; no name

Oracle E-Business Suite
* 2 of these vulnerabilities may be remotely exploited without authentication; no other specifics, but "may be exploited over a network without the need for a username and password"
* Oracle Application Object Library
* Oracle Applications Manager
* Oracle Common Applications
* Oracle iProcurement
* Oracle iStore
* Oracle iSupport
* Oracle Report Manager
* Oracle Sales Online
* Oracle Trade Management
* Oracle Workflow Cartridge

Oracle Enterprise Manager
* 2 fixes; "both of which may be remotely exploitable without authentication, i.e. they may be exploited over a network without the need for a username and password."

Oracle PeopleSoft Enterprise PeopleTools
* 1 new security fix for PeopleSoft Enterprise Human Capital Management
* 1 new security fix for JD Edwards EnterpriseOne and JD Edwards OneWorld Tools
* JD Edwards HTML Server
* PeopleSoft Enterprise Human Capital Management
* PeopleTools

* All information comes from the following Oracle Security Bulletin: Oracle Critical Patch Update Pre-Release Announcement - April 2007

- Oracle Downloads @ Oracle
- Critical Patch Updates and Security Alerts @ Oracle

No comments: