Actualizações Oracle para Múltiplas Vulnerabilidades

Categoria: Alertas

quarta, 15 abril 2009 10:38

Sistemas Operativos Implicados:	Indefinido
Aplicações Implicadas:	Oracle

A Oracle lançou o Oracle Critical Patch Update referente a Abril de 2009. Vários produtos e componentes Oracle encontram-se afectados por múltiplas vulnerabilidades. Este update diz respeito a um total de 43 vulnerabilidades em diferentes produtos e componentes Oracle. Devido à criticidade das falhas descritas é aconselhável aplicar as actualizações apropriadas especificadas no Oracle Critical Patch Update Advisory - April 2009

I. Descrição

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required (because of interdependencies) by those security patches. Critical Patch Updates are cumulative, except as noted below, but each advisory describes only the security fixes added since the previous Critical Patch Update. Thus, prior Critical Patch Update Advisories should be reviewed for information regarding earlier accumulated security fixes. Please refer to

Critical Patch Updates and Security Alerts for information about Oracle Security Advisories.

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply fixes as soon as possible. This Critical Patch Update contains 43 new security fixes across all products.

Supported Products and Components Affected

Security vulnerabilities addressed by this Critical Patch Update affect the products listed in the categories below. The product area of the patches for the listed versions is shown in [square brackets] following the product versions. Please click on the link in [square brackets] or in the Patch Availability Table to access the documentation for those patches.

Product releases and versions that are in Premier Support or Extended Support, under the Oracle Lifetime Support Policy:

• Oracle Database 11g, version 11.1.0.6, 11.1.0.7	[ Database ]
• Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4	[ Database ]
• Oracle Database 10g, version 10.1.0.5	[ Database ]
• Oracle Database 9i Release 2, versions 9.2.0.8, 9.2.0.8DV	[ Database ]
• Oracle Application Server 10g Release 2 (10.1.2), version 10.1.2.3.0	[ Application Server ]
• Oracle Outside In SDK HTML Export 8.2.2, 8.3.0	[ Application Server ]
• Oracle XML Publisher 5.6.2, 10.1.3.2, 10.1.3.2.1	[ Application Server ]
• Oracle BI Publisher 10.1.3.3.0 10.1.3.3.1, 10.1.3.3.2, 10.1.3.3.3, 10.1.3.4	[ Application Server ]
• Oracle E-Business Suite Release 12, version 12.0.6	[ E-Business Suite ]
• Oracle E-Business Suite Release 11i, version 11.5.10.2	[ E-Business Suite ]
• PeopleSoft Enterprise PeopleTools versions: 8.49	[ PeopleSoft/JDE ]
• PeopleSoft Enterprise HRMS versions: 8.9 and 9.0	[ PeopleSoft/JDE ]
• Oracle WebLogic Server 10.3	[ BEA ]
• Oracle WebLogic Server 9.0 GA, 9.1 GA, 9.2 through 9.2 MP3	[ BEA ]
• Oracle WebLogic Server 8.1 through 8.1 SP6	[ BEA ]
• Oracle WebLogic Server 7.0 through 7.0 SP7	[ BEA ]
• -Oracle WebLogic Portal 8.1 through 8.1 SP6	[ BEA ]
• Oracle Data Service Integrator 10.3.0 and Oracle AquaLogic Data Services Platform (formerly BEA ALDSP) 3.2, 3.0.1, 3.0	[ BEA ]
• Oracle JRockit (formerly BEA JRockit) R27.6.2 and earlier (JDK/JRE 6, 5, 1.4.2)	[ BEA ]

II. Solução

Aplicar uptades e workarounds descritos no Oracle Critical Patch Update Advisory - April 2009.

III. Referências

Oracle Critical Patch Update Advisory - April 2009:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html