TotalChoice Hosting Family Forums > Oracle Products Contain Multiple Vulnerabilities

Full Version: Oracle Products Contain Multiple Vulnerabilities

TotalChoice Hosting Family Forums > TotalChoice Hosting General Support > Security Discussions

woodygap

Apr 27 2005, 06:41 PM

Thought I would share a partial e-mail for anyone interested. I included some links at the bottom if you need more info on this.

Oracle Products Contain Multiple Vulnerabilities

Original release date: April 27, 2005
Last revised: --
Source: US-CERT

Systems Affected

From the Oracle Critical Patch Update - April 2005:

* Oracle Database 10g Release 1, versions 10.1.0.2, 10.1.0.3,
10.1.0.3.1, 10.1.0.4 (10.1.0.3.1 is supported for Oracle
Application Server only)
* Oracle9i Database Server Release 2, versions 9.2.0.5, 9.2.0.6
* Oracle9i Database Server Release 1, versions 9.0.1.4, 9.0.1.5,
9.0.4 (9.0.1.5 FIPS) (all of which are supported for Oracle
Application Server only)
* Oracle8i Database Server Release 3, version 8.1.7.4
* Oracle Application Server 10g Release 2 (10.1.2)
* Oracle Application Server 10g (9.0.4), versions 9.0.4.0,
9.0.4.1
* Oracle9i Application Server Release 2, versions 9.0.2.3, 9.0.3.1
* Oracle9i Application Server Release 1, version 1.0.2.2
* Oracle Collaboration Suite Release 2, versions 9.0.4.1, 9.0.4.2
* Oracle E-Business Suite and Applications Release 11i, versions
11.5.0 through 11.5.10
* Oracle E-Business Suite and Applications Release 11.0
* Oracle Enterprise Manager Grid Control 10g, versions 10.1.0.2,
10.1.0.3
* Oracle Enterprise Manager versions 9.0.4.0, 9.0.4.1
* PeopleSoft EnterpriseOne Applications, versions 8.9 SP2 and 8.93
* PeopleSoft OneWorldXe/ERP8 Applications, versions SP22 and higher

Appendix B. References

* Critical Patch Update - April 2005 -
<http://www.oracle.com/technology/deploy/security/pdf/
cpuapr2005.pdf>

* Critical Patch Updates and Security Alerts -
<http://www.oracle.com/technology/deploy/security/alerts.htm>

* Map of Public Vulnerability to Advisory/Alert -
<http://www.oracle.com/technology/deploy/security/pdf/
public_vuln_to_advisory_mapping.html>

* Comments on Oracle Critical Patch Update April 2005 -
<http://www.red-database-security.com/wp/
comments_oracle_cpu_april_2005_us.pdf>

* NGSSoftware Oracle Database vulnerabilities -
<http://www.ngssoftware.com/advisories/oracle-03.txt>

* US-CERT Vulnerability Note VU#948486 -
<http://www.kb.cert.org/vuls/id/948486>

* US-CERT Vulnerability Note VU#982109 -
<http://www.kb.cert.org/vuls/id/982109>

Head Guru

Apr 27 2005, 06:58 PM

It will never stop!

Moving for organization.

Bill

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.