Public Safety Canada
Symbol of the Government of Canada
Skip to content | Skip to institutional links

Common menu bar links | Liens de navigation communs

Skip Navigation Links Home > Programs > Emergency management > Response > CCIRC > Analytical releases 2010 > AV10-020: Oracle Critical Patch Update - July 2010

Institutional links

Oracle Critical Patch Update - July 2010

Number: AV10-021
Date: 14 July 2010

Purpose

The purpose of this advisory is to bring attention to the following critical patch update for Oracle products.

Assessment

Oracle has released 59 new security fixes, which affect all product families listed below:

  • Oracle Database 11g Release 2, version 11.2.0.1
  • Oracle Database 11g Release 1, version 11.1.0.7
  • Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4
  • Oracle Database 10g, version 10.1.0.5
  • Oracle Database 9i Release 2, versions 9.2.0.8, 9.2.0.8DV
  • Oracle TimesTen In-Memory Database, versions 7.0.5.1.0, 7.0.5.2.0, 7.0.5.3.0, 7.0.5.4.0
  • Oracle Secure Backup version 10.3.0.1
  • Oracle Application Server, 10gR2, version 10.1.2.3.0
  • Oracle Identity Management 10g, version 10.1.4.0.1
  • Oracle WebLogic Server 11gR1 releases (10.3.1, 10.3.2 and 10.3.3)
  • Oracle WebLogic Server 10gR3 release (10.3.0)
  • Oracle WebLogic Server 10.0 through MP2
  • Oracle WebLogic Server 9.0, 9.1, 9.2 through MP3
  • Oracle WebLogic Server 8.1 through SP6
  • Oracle WebLogic Server 7.0 through SP7
  • Oracle JRockit R28.0.0 and earlier (JDK/JRE 5 and 6)
  • Oracle JRockit R27.6.6 and earlier (JDK/JRE 1.4.2, 5 and 6)
  • Oracle Business Process Management, versions 5.7.3, 6.0.5, 10.3.1, 10.3.2
  • Oracle Enterprise Manager Grid Control 10g Release 5, version 10.2.0.5
  • Oracle Enterprise Manager Grid Control 10g Release 1, version 10.1.0.6
  • Oracle E-Business Suite Release 12, versions 12.0.4, 12.0.5, 12.0.6, 12.1.1 and 12.1.2
  • Oracle E-Business Suite Release 11i, versions 11.5.10, 11.5.10.2
  • Oracle Transportation Manager, Versions: 5.5.05.07, 5.5.06.00, 6.0.03
  • PeopleSoft Enterprise Campus Solutions, version 9.0
  • PeopleSoft Enterprise CRM, versions 9.0 and 9.1
  • PeopleSoft Enterprise FSCM, versions 8.9, 9.0 and 9.1
  • PeopleSoft Enterprise HCM, versions 8.9, 9.0 and 9.1
  • PeopleSoft Enterprise PeopleTools, versions 8.49 and 8.50
  • Oracle Sun Product Suite

Suggested action

Oracle states that "Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible."

CCIRC recommends pre-deployment validation testing and patch application to affected products as soon as possible.

References:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2010.html

Note to Readers

The Canadian Cyber Incident Response Centre (CCIRC) provides a focal point for Canada's cyber threat and vulnerability warning, analysis and response. CCIRC is responsible for assuring the resilience of national critical infrastructure through monitoring threats and coordinating a federal response to cyber security incidents of national interest. CCIRC operates in conjunction with the Government Operations Centre (GOC) within Public Safety Canada and is a key component of the government's all-hazards approach to emergency management and national security.

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: communications@ps-sp.gc.ca

Date Modified: 2010-07-16
Top of Page
Top of Page
Important Notices