Oracle Critical Patch Update Advisory - January 2010

Number: AV10-004
Date: 13 January 2010

Purpose

The purpose of this advisory is to bring attention to the following critical patch update for Oracle products.

Assessment

Oracle has released 24 new security fixes that affect many of their products:

Oracle Database 11g version 11.1.0.7
Oracle Database 10g Release 2 version 10.2.0.3
Oracle Database 10g Release 2 version 10.2.0.4
Oracle Database 10g version 10.1.0.5
Oracle Database 9i Release 2 version 9.2.0.8
Oracle Database 9i Release 2 version 9.2.0.8DV
Oracle Application Server 10g Release 3 (10.1.3) version 10.1.3.4.0
Oracle Application Server 10g Release 3 (10.1.3) version 10.1.3.5
Oracle Application Server 10g Release 3 (10.1.3) version 10.1.3.5.1
Oracle Application Server 10g Release 2 (10.1.2) version 10.1.2.3.0
Oracle Access Manager version 7.0.4.3
Oracle Access Manager version 10.1.4.2
Oracle E-Business Suite Release 12 version 12.0.4
Oracle E-Business Suite Release 12 version 12.0.5
Oracle E-Business Suite Release 12 version 12.0.6
Oracle E-Business Suite Release 12 version 12.1.1
Oracle E-Business Suite Release 12 version 12.1.2
Oracle E-Business Suite Release 11i version 11.5.10.2
PeopleSoft Enterprise HCM (TAM) version 8.9
PeopleSoft Enterprise HCM (TAM) version 9.0
Oracle WebLogic Server versions 10.0 through MP2
Oracle WebLogic Server version 10.3.0
Oracle WebLogic Server version 10.3.1
Oracle WebLogic Server version 9.0 GA
Oracle WebLogic Server version 9.1 GA
Oracle WebLogic Server versions 9.2 through 9.2 MP3
Oracle WebLogic Server versions 8.1 through 8.1 SP6
Oracle WebLogic Server versions 7.0 through 7.0 SP7
Oracle JRockit version R27.6.5 and prior (JDK/JRE 6, 5, 1.4.2)
Primavera P6 Enterprise Project Portfolio Management version 6.1
Primavera P6 Enterprise Project Portfolio Management version 6.2.1
Primavera P6 Enterprise Project Portfolio Management version 7.0
Primavera P6 Web Services version 6.2.1
Primavera P6 Web Services version 7.0
Primavera P6 Web Services version 7.0SP1

CVE Reference: CVE-2009-1996, CVE-2009-2625, CVE-2009-3410, CVE-2009-3411, CVE-2009-3412, CVE-2009-3412, CVE-2009-3413, CVE-2009-3414, CVE-2009-3415, CVE-2009-3416, CVE-2010-0066, CVE-2010-0067, CVE-2010-0068, CVE-2010-0069, CVE-2010-0070, CVE-2010-0071, CVE-2010-0072, CVE-2010-0074, CVE-2010-0075, CVE-2010-0076, CVE-2010-0077, CVE-2010-0078, CVE-2010-0079 and CVE-2010-0080

Suggested action

Oracle “strongly recommends that customers apply CPU fixes as soon as possible” due to the threat posed by a successful attack.

CCIRC recommends that administrators identify affected products, assess the need to update and identify potential dependencies.

References:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2010.html
http://www.vupen.com/english/advisories/2010/0102

Note to Readers

The Canadian Cyber Incident Response Centre (CCIRC) provides a focal point for Canada's cyber threat and vulnerability warning, analysis and response. CCIRC is responsible for assuring the resilience of national critical infrastructure through monitoring threats and coordinating a federal response to cyber security incidents of national interest. CCIRC operates in conjunction with the Government Operations Centre (GOC) within Public Safety Canada and is a key component of the government's all-hazards approach to emergency management and national security.

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: communications@ps-sp.gc.ca