Vulnerability Bulletins |
Oracle publica parche acumulativo de Octubre 2006 |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Oficial |
Impact | Obtener acceso |
Dificulty | Experto |
Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
Property | Value |
Affected manufacturer | Comercial Software |
Affected software |
Oracle Database 10g Release 2, 10.2.0.1, 10.2.0.2 Oracle Database 10g Release 1, 10.1.0.4, 10.1.0.5 Oracle9i Database Release 2, 9.2.0.6, 9.2.0.7 Oracle8i Database Release 3, 8.1.7.4 Oracle Application Express (HTML DB), 1.5 - 2.0 Oracle Application Server 10g Release 3, versions 10.1.3.0.0 Oracle Application Server 10g Release 2, 10.1.2.0.0 - 10.1.2.0.2, 10.1.2.1.0 Oracle Application Server 10g Release 1 9.0.4.2, 9.0.4.3 Oracle Collaboration Suite 10g Release 1, 10.1.2.0 Oracle9i Collaboration Suite Release 2, 9.0.4.2 Oracle E-Business Suite Release 11i, 11.5.7 - 11.5.10 CU2 Oracle E-Business Suite Release 11.0 Oracle Pharmaceutical Applications 4.5.0 - 4.5.1 Oracle PeopleSoft Enterprise PeopleTools 8.22, 8.46, 8.47, 8.48 Oracle PeopleSoft Enterprise Portal Solutions 8.8, 8.9 JD Edwards EnterpriseOne Tools, OneWorld Tools, 8.95, 8.96 JD Edwards OneWorld Tools SP23 |
Description |
|
Se ha publicado el parche acumulativo de Octubre de 2006 para los siguientes productos de Oracle: Oracle Database Server, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business Suite, Oracle Pharmaceutical Applications, Oracle PeopleSoft Enterprise PeopleTools, Oracle PeopleSoft Enterprise Portal Solutions, JD Edwards EnterpriseOne Tools. Este parche soluciona múltiples vulnerabilidades que pueden comprometer la integridad, confidencialidad y disponibilidad de dichos productos asi como la información manejada por ellos. A destacar múltiples inyecciones de código SQL y desbordamientos de búfer. |
|
Solution |
|
Actualización de software Oracle Oracle Database Server http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=391563.1#DBAVAIL Oracle Application Server http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=391563.1#HTTPAVAIL Oracle Collaboration Suite http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=391563.1#OCSAVAIL Oracle E-Business Suite and Applications http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=391564.1 Oracle Pharmaceutical Applications http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=389994.1 Oracle Enterprise Manager http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=391563.1#DBAVAIL Oracle PeopleSoft Enterprise y JD Edwards EnterpriseOne http://www.peoplesoft.com/corp/en/support/security_index.jsp Hewlett-Packard Aplique los mecanismos de actualización de Oracle: Oracle for OpenView (OfO) / HP-UX, Tru64 UNIX, Linux, Solaris, Windows / Oracle Critical Patch Update - Octubre 2006 http://itrc.hp.com/ Hewlett-Packard Aplique los mecanismos de actualización de Oracle: Oracle for OpenView (OfO) / HP-UX, Tru64 UNIX, Linux, Solaris, Windows / Oracle Critical Patch Update - Enero 2007 http://itrc.hp.com/ |
|
Standar resources |
|
Property | Value |
CVE |
CVE-2006-5377 CVE-2006-5376 CVE-2006-5375 CVE-2006-5374 CVE-2006-5373 CVE-2006-5372 CVE-2006-5371 CVE-2006-5370 CVE-2006-5369 CVE-2006-5368 CVE-2006-5367 CVE-2006-5366 CVE-2006-5365 CVE-2006-5364 CVE-2006-5363 CVE-2006-5362 CVE-2006-5361 CVE-2006-5360 CVE-2006-5359 CVE-2006-5358 CVE-2006-5357 CVE-2006-5356 CVE-2006-5355 CVE-2006-5354 CVE-2006-5353 CVE-2006-5352 CVE-2006-5351 CVE-2006-5350 CVE-2006-5349 CVE-2006-5348 CVE-2006-5347 CVE-2006-5346 CVE-2006-5345 CVE-2006-5344 CVE-2006-5343 CVE-2006-5342 CVE-2006-5341 CVE-2006-5340 CVE-2006-5339 CVE-2006-5338 CVE-2006-5337 CVE-2006-5336 CVE-2006-5335 CVE-2006-5334 CVE-2006-5333 CVE-2006-5332 |
BID | 20588 |
Other resources |
|
Oracle Critical Patch Update - Octubre 2006 http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2006.html HP SECURITY BULLETIN (HPSBMA02133) http://www4.itrc.hp.com/service/cki/docDisplay.do?docId=c00727143 |
Version history |
||
Version | Comments | Date |
1.0 | Aviso emitido | 2006-10-18 |
1.1 | CVE añadido | 2006-10-19 |
1.3 | Aviso emitido por Hewlett Packard (HPSBMA02133) | 2006-10-26 |
1.4 | Aviso actualizado por Hewlett Packard (HPSBMA02133) | 2007-01-24 |