Foi lançado em Janeiro o último patch da Oracle.
"This Critical Patch Update contains a total of 26 new security fixes for Oracle Database products, divided as follows:
*17 new security fixes for the Oracle Database, 1 of which may be remotely exploitable without authentication, i.e. it may be exploited over a network without the need for a username and password. 1 fix is applicable to Oracle Database client-only installations, i.e. installations that do not have the Oracle Database installed.
*9 new security fixes for Oracle HTTP Server, 8 of which may be remotely exploitable without authentication, i.e. they may be exploited over a network without the need for a username and password. Oracle HTTP Server is an optional product that is not installed by default with the Oracle Database. If it has not been installed, this software will not be present and the Oracle HTTP Server patches are not required. Oracle Database versions up to and including Oracle Database 9i Release 2 allowed Oracle HTTP Server to be installed as an optional component of the database. Oracle Database versions 10g Release 1 and higher include Oracle HTTP Server on the Companion CD."
"One new database vulnerability addressed by this Critical Patch Update, DB11, affects Oracle Database client-only installations (installations that do not have the Oracle Database installed). It is potentially exploitable where a privileged operating system process is passing input from an untrusted source to the affected program. Oracle recommends applying this Critical Patch Update to client-only installations which may be using the affected program in this way, or which are affected by client-only issues fixed in prior Critical Patch Updates if the prior patches have not been applied."
"This Critical Patch Update contains 12 new security fixes for Oracle Application Server, 8 of which may be remotely exploitable without authentication, i.e. they may be exploited over a network without the need for a username and password. No new fixes are applicable to client-only installations, i.e. installations that do not have Oracle Application Server installed.
This Critical Patch Update also contains 8 new security fixes for Oracle Application Server products that are not supported for standalone use, but are supported for use as part of supported products, i.e. those listed in the Category I section. More details of these fixes can be found in the sections of this document covering: Oracle Database, Oracle Collaboration Suite and Oracle E-Business Suite. They are not discussed further in this section, as they do not apply to Oracle Application Server standalone instances."
No comments:
Post a Comment
Os comentários são moderados.
The comments are moderated.