You are here

T-535: Oracle Critical Patch Update - January 2011

January 14, 2011 - 9:39pm

Addthis

PROBLEM:
 

Oracle Critical Patch Update - January 2011

 

PLATFORM:
 

Oracle Database 11g Release 2, Oracle Database 11g Release 1, Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5, Sun Oracle Database 10g Release 1, version 10.1.0.5 and other Oracle product suites. Please use the available URL for more details: Critical Patch Updates and Security Alerts

 

ABSTRACT:
 

This Critical Patch Update Pre-Release Announcement provides advance information about the Oracle Critical Patch Update for January 2011, which will be released on Tuesday, January 18, 2011. While this Pre-Release Announcement is as accurate as possible at the time of publication, the information it contains may change before publication of the Critical Patch Update Advisory. A Critical Patch Update is a collection of patches for multiple security vulnerabilities. This Critical Patch Update contains 66 new security vulnerability fixes across hundreds of Oracle products. Some of the vulnerabilities addressed in this Critical Patch Update affect multiple products. Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible.

 

reference LINKS:

 

Oracle Critical Patch Update Pre-Release Announcement - January 2011
Critical Patch Updates and Security Alerts

 

IMPACT ASSESSMENT:

High

 

Discussion:

This Critical Patch Update contains 6 new security fixes for the Oracle Database Server. 2 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. None of these fixes are applicable to client-only installations, i.e., installations that do not have the Oracle Database Server installed.

This Critical Patch Update contains 1 new security fix for Oracle Audit Vault. This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

This Critical Patch Update contains 16 new security fixes for Oracle Fusion Middleware. 12 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

This Critical Patch Update contains 2 new security fixes for Oracle Enterprise Manager Grid Control. Both of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. None of these fixes are applicable to client-only installations, i.e., installations that do not have Oracle Enterprise Manager Grid Control installed.

This Critical Patch Update contains 2 new security fixes for Oracle Applications. Both of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

This Critical Patch Update contains 3 new security fixes for the Oracle Supply Chain Products Suite. None of these vulnerabilities may be remotely exploitable without authentication, i.e., none may be exploited over a network without the need for a username and password.

This Critical Patch Update contains 10 new security fixes for the Oracle PeopleSoft and JDEdwards Suite. 2 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

This Critical Patch Update contains 2 new security fixes for Oracle Industry Applications. 1 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

This Critical Patch Update contains 21 new security fixes for the Oracle Sun Products Suite. 9 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

This Critical Patch Update contains 2 new security fixes for the Oracle Open Office Suite. Both of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password..

 

Solution:
 

Apply patches as needed.

http://www.oracle.com/technetwork/topics/security/downloads/index.html (Login Required)

 

Addthis