Boletines de Vulnerabilidades |
Oracle publica parche acumulativo de Julio 2006 |
|
Clasificación de la vulnerabilidad |
|
Propiedad | Valor |
Nivel de Confianza | Oficial |
Impacto | Obtener acceso |
Dificultad | Experto |
Requerimientos del atacante | Acceso remoto sin cuenta a un servicio estandar |
Información sobre el sistema |
|
Propiedad | Valor |
Fabricant afectat | Comercial Software |
Software afectado |
Oracle Database 10g Release 2, 10.2.0.1, 10.2.0.2 Oracle Database 10g Release 1, 10.1.0.4, 10.1.0.5 Oracle9i Database Release 2, 9.2.0.6, 9.2.0.7 Oracle8i Database Release 3, 8.1.7.4 Oracle Enterprise Manager 10g Grid Control, 10.2.0.1 Oracle Application Server 10g Release 3, versions 10.1.3.0.0 Oracle Application Server 10g Release 2, 10.1.2.0.0 - 10.1.2.0.2, 10.1.2.1.0 Oracle Application Server 10g Release 1 9.0.4.2, 9.0.4.3 Oracle Collaboration Suite 10g Release 1, 10.1.2.0 Oracle9i Collaboration Suite Release 2, 9.0.4.2 Oracle E-Business Suite Release 11i, 11.5.7 - 11.5.10 CU2 Oracle E-Business Suite Release 11.0 Oracle Pharmaceutical Applications 4.5.0 - 4.5.2 Oracle PeopleSoft Enterprise Portal Solutions, 8.4, 8.8, 8.9 Oracle PeopleSoft Enterprise Portal Solutions (with Enforcer Portal Pack), version 8.8 JD Edwards EnterpriseOne Tools, OneWorld Tools, versions 8.95, 8.96 |
Descripción |
|
Se ha publicado el parche acumulativo de Julio de 2006 para los siguientes productos de Oracle: Oracle Database, Oracle Application Server, Oracle Enterprise Manager Grid Control, Oracle Collaboration Suite, JD Edwards EnterpriseOne, JD Edwards OneWorld Tools, PeopleSoft Enterprise Portal Applications and PeopleSoft Enterprise PeopleTools Este parche soluciona múltiples vulnerabilidades que pueden comprometer la integridad, confidencialidad y disponibilidad de dichos productos asi como la información manejada por ellos. |
|
Solución |
|
Actualización de software Oracle Oracle Database Server http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=372930.1#DBAVAIL Oracle Application Server http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=372930.1#ASMIDTIER Oracle Collaboration Suite http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=372930.1#OCSAVAIL Oracle E-Business Suite and Applications http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2006.html#Appendix%20D Oracle Pharmaceutical Applications http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=374060.1 Oracle Enterprise Manager http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=372930.1#OEMAVAIL Oracle PeopleSoft Enterprise y JD Edwards EnterpriseOne http://www.peoplesoft.com/corp/en/support/security_index.jsp Hewlett-Packard Oracle for OpenView (OfO) / HP-UX, Tru64 UNIX, Linux, Solaris, Windows / Oracle Critical Patch Update - July 2006 http://itrc.hp.com/ Hewlett-Packard Oracle for OpenView (OfO) / HP-UX, Tru64 UNIX, Linux, Solaris, Windows / Oracle Critical Patch Update - January 2007 http://itrc.hp.com/ |
|
Identificadores estándar |
|
Propiedad | Valor |
CVE | |
BID | |
Recursos adicionales |
|
Oracle Critical Patch Update - Julio 2006 http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2006.html HP SECURITY BULLETIN (HPSBMA02133) http://www4.itrc.hp.com/service/cki/docDisplay.do?docId=c00727143 Red Database Security (DB03) http://www.red-database-security.com/advisory/oracle_sql_injection_kupw$worker.html Red Database Security (DB01) http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_cdc_impdp.html Red Database Security (DB22) http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_upgrade.html Red Database Security (DB21) http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_stats.html |
Histórico de versiones |
||
Versión | Comentario | Data |
1.0 | Aviso emitido | 2006-07-19 |
1.1 | Aviso actualizado por Hewlett Packard (HPSBMA02133) | 2007-01-24 |