Forum OpenACS Q&A: Oracle Security Alert #68

Posted by Andrew Piskorski on
FYI, Oracle just issued a new security alert today. If any of you are running Oracle accessible over anything other than a small LAN behind a good firewall, you probably want to grab the patch from Metalink right away. In part, Oracle's security bulletin says:

Alert #68: Oracle Security Update

Description:

This security alert addresses security vulnerabilities in Oracle's server products.

Supported Products Affected:

  • Oracle Database 10g Release 1, version 10.1.0.2
  • Oracle9i Database Server Release 2, versions 9.2.0.4 and 9.2.0.5
  • Oracle9i Database Server Release 1, versions 9.0.1.4, 9.0.1.5, and 9.0.4
  • Oracle8i Database Server Release 3, version 8.1.7.4
  • Oracle Enterprise Manager Grid Control 10g, version 10.1.0.2
  • Oracle Enterprise Manager Database Control 10g, version 10.1.0.2
  • Oracle Application Server 10g (9.0.4), versions 9.0.4.0 and 9.0.4.1
  • Oracle9i Application Server Release 2, versions 9.0.2.3 and 9.0.3.1
  • Oracle9i Application Server Release 1, version 1.0.2.2

The following product releases and versions, and all future releases and versions are not affected:

  • Oracle Database 10g Release 1, version 10.1.0.3
  • Oracle Enterprise Manager Grid Control 10g, version 10.1.0.3 (not yet available)
  • Oracle Application Server 10g (9.0.4), version 9.0.4.2 (not yet available)

Unsupported products, releases and versions have not been tested for the presence of these vulnerabilities, nor patched, in accordance with section 4.3.3.3 of the Software Error Correction Support Policy:

Oracle Database Server Vulnerabilities:

The available patches eliminate vulnerabilities in the Database Server and the Listener. The unpatched exposure risk is high; exploiting some of these vulnerabilities requires network access, but no valid user account.

[etc...]

(Note that nowhere does it say what the actual problem is, but presumably you could find that elsewhere if you look.)