MyCERT Advisories
MyCERT Advisories, Alerts and Summaries for the year 2009
Bookmark and Share

MA-197.102009: MyCERT Alert - Latest Updates for Multiple Oracle Vulnerabilities

1.0 Introduction

Oracle has released a Critical Patch Update, a collection of patches for 16 security vulnerabilities in various Oracle products and components. It also includes non-security fixes that are required (because of interdependencies) by those security patches.

The lists of affected systems are as below:

  • Oracle Database 11g, version 11.1.0.7 (Database)
  • Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4 (Database)
  • Oracle Database 10g, version 10.1.0.5 (Database)
  • Oracle Database 9i Release 2, versions 9.2.0.8, 9.2.0.8DV (Database)
  • Oracle Application Server 10g Release 3 (10.1.3), versions 10.1.3.4.0, 10.1.3.5.0 (Application Server)
  • Oracle Application Server 10g Release 2 (10.1.2), version 10.1.2.3.0 (Application Server)
  • Oracle Business Intelligence Enterprise Edition, versions 10.1.3.4.0, 10.1.3.4.1 (Application Server)
  • Oracle E-Business Suite Release 12, versions 12.0.6, 12.1 (E-Business Suite)
  • Oracle E-Business Suite Release 11i, version 11.5.10.2 (E-Business Suite)
  • AutoVue, version 19.3 (E-Business Suite)
  • Agile Engineering Data Management (EDM), version 6.1 (E-Business Suite)
  • PeopleSoft PeopleTools & Enterprise Portal, version 8.49 (PeopleSoft/JDE)
  • PeopleSoft Enterprise HCM (TAM), version 9.0 (PeopleSoft/JDE)
  • JDEdward Tools, version 8.98 (PeopleSoft/JDE)
  • Oracle WebLogic Server 10.0 through MP1 and 10.3 (BEA)
  • Oracle WebLogic Server 9.0 GA, 9.1 GA and 9.2 through 9.2 MP3 (BEA)
  • Oracle WebLogic Server 8.1 through 8.1 SP5 (BEA)
  • Oracle WebLogic Server 7.0 through 7.0 SP6 (BEA)
  • Oracle WebLogic Portal, versions 8.1 through 8.1 SP6, 9.2 through 9.2 MP3, 10.0 through 10.0MP1, 10.2 through 10.2MP1 and 10.3 through 10.3.1 (BEA)
  • Oracle JRockit R27.6.4 and earlier (JDK/JRE 6, 5, 1.4.2) (BEA)
  • Oracle Communications Order and Service Management, versions 2.8.0, 6.2.0, 6.3.0 and 6.3.1 (Industry Suite)

You can find more information regarding Oracle Critical Patch Update Advisory - October 2009 by visiting the following URL: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2009.html

Generally, MyCERT advises the users of this software to be updated with the latest security announcements by the vendor. MyCERT can be reached through the following channels:

E-mail : mycert@mycert.org.my
Phone : +603 89926969 or 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : +60 19 2813801 (24x7 SMS reporting)
Business Hours : Mon - Fri 08:30 -17:30 MYT
Web : http://www.mycert.org.my

2.0 References