Oracle Updates for Multiple Vulnerabilities
URL : http://www.us-cert.gov/cas/techalerts/TA09-015A.html

Original release date: January 15, 2009
Source: US-CERT

Systems Affected

• Oracle Database 11g, version 11.1.0.6
• Oracle Database 10g Release 2, versions 10.2.0.2, 10.2.0.3, and 10.2.0.4
• Oracle Database 10g, version 10.1.0.5
• Oracle Database 9i Release 2, versions 9.2.0.8 and 9.2.0.8DV
• Oracle Secure Backup, versions 10.1.0.1, 10.1.0.2, 10.1.0.3, 10.2.0.2, and 10.2.0.3
• Oracle TimesTen In-Memory Database, versions 7.0.5.1.0, 7.0.5.2.0, 7.0.5.3.0, and 7.0.5.4.0
• Oracle Application Server 10g Release 3 (10.1.3), version 10.1.3.3.0
• Oracle Application Server 10g Release 2 (10.1.2), versions 10.1.2.2.0 and 10.1.2.3.0
• Oracle Collaboration Suite 10g, version 10.1.2
• Oracle E-Business Suite Release 12, version 12.0.6
• Oracle E-Business Suite Release 11i, version 11.5.10.2
• Oracle Enterprise Manager Grid Control 10g Release 4, version 10.2.0.4
• PeopleSoft Enterprise HRMS, versions 8.9 and 9.0
• JD Edwards Tools, version 8.97
• Oracle WebLogic Server (formerly BEA WebLogic Server) 10.0 released through MP1, 10.3 GA
• Oracle WebLogic Server (formerly BEA WebLogic Server) 9.0 GA, 9.1 GA, 9.2 released through MP3
• Oracle WebLogic Server (formerly BEA WebLogic Server) 8.1 released through SP6
• Oracle WebLogic Server (formerly BEA WebLogic Server) 7.0 released through SP7
• Oracle WebLogic Portal (formerly BEA WebLogic Portal) 10.0 released through MP1, 10.2 GA, 10.3 GA
• Oracle WebLogic Portal (formerly BEA WebLogic Portal) 9.2 released through MP3
• Oracle WebLogic Portal (formerly BEA WebLogic Portal) 8.1 released through SP6
• For more information regarding affected product versions, please see the Oracle Critical Patch Update - January 2009.

Overview

Oracle products and components are affected by multiple vulnerabilities. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.