Microsoft has released an additional security bulletin and software updates to address third-party controls in FAST Search Server for SharePoint first fixed in the Oracle Critical Patch Update for October 2012.
Oracle has released the October 2012 Critical Patch Update. The update contains 109 new security fixes that address multiple Oracle product families. The fixes correct multiple vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code, cause a denial of service condition, or access sensitive information on targeted systems.
The following Oracle products are affected:
Oracle Database Server versions 10.2.0.5 and prior, 184.108.40.206, and 220.127.116.11 and prior
Oracle Fusion Middleware version 18.104.22.168
Oracle Forms and Reports versions 22.214.171.124 and 126.96.36.199
Oracle BI Publisher versions 10.1.3.4.2 and 188.8.131.52.2 and prior
Oracle Event Processing versions 2.0 and 184.108.40.206.0 and prior
Oracle Identity Management version 10.1.4.3
Oracle Imaging and Process Management version 10.1.3.6.0
Oracle JRockit versions R27.7.3 and prior and R28.2.4 and prior
Oracle Outside In Technology version 8.3.7
Oracle WebLogic Server versions 220.127.116.11, 10.0.2.0, 10.3.5.0, 10.3.6.0, and 18.104.22.168
Oracle WebCenter Sites versions 6.1, 6.2, 6.3, 7.0.3 and prior, 7.5, 7.6.2 and prior, and 22.214.171.124.0
Oracle E-Business Suite versions 126.96.36.199, 12.0.6, and 12.1.3 and prior
Oracle Agile PLM for Process versions 5.2.2, 188.8.131.52.3, 184.108.40.206, and 220.127.116.11.14
Oracle Agile PLM Framework versions 18.104.22.168 and prior
Oracle Agile Product Supplier Collaboration for Process versions 5.2.2 and 22.214.171.124
Oracle PeopleSoft Enterprise Campus Solutions version 9.0
Oracle PeopleSoft Enterprise People Tools versions 8.52 and prior
Oracle Siebel UI Framework version 8.1.1
Oracle Central Designer versions 1.3, 1.4, and 1.4.2
Oracle Clinical/Remote Data Capture versions 4.6.2 and prior
Oracle FLEXCUBE Direct Banking versions 5.0.2, 5.0.5, 5.1.0, 5.2.0, 5.3.4 and prior, 6.0.1, 6.2.0, and 12
Oracle FLEXCUBE Universal Banking versions 10.5.0 and prior, 11.4.0 and prior, and 12
Oracle Sun Product Suite
Oracle Secure Global Desktop version 4.6
Oracle VM Virtual Box versions 3.2, 4.0, and 4.1
Oracle MySQL Server versions 5.1.63 and prior and 5.5.25 and prior
Administrators are advised to apply the appropriate updates.
CentOS packages can be updated using the up2date or yum command.
Microsoft has released security bulletins at the following links:MS12-080 and MS13-013. Microsoft customers can obtain updates directly by using the links in the security bulletin. These updates are also distributed by Windows automatic update features and available on the Microsoft Update service. Microsoft Windows Server Update Services (WSUS), Systems Management Server, and System Center Configuration Manager can assist administrators in deploying software updates.
Red Hat has released a security advisory at the following link: RHSA-2012:1462. Red Hat has released updated software for registered subscribers at the following link: Red Hat Network. Red Hat packages can be updated on Red Hat Enterprise Linux versions 5 and later using the yum tool.
Version 3, December 11, 2012, 1:26 PM: Microsoft has released a security bulletin and software updates to address third-party controls in Exchange first fixed in the Oracle Critical Patch Update for October 2012.
Version 2, November 15, 2012, 10:08 AM: Red Hat has released a security advisory and updated packages to address the Oracle Critical Patch Update for October 2012. CentOS has also released updated packages to address these vulnerabilities.
Version 1, October 17, 2012, 3:33 AM: Oracle has released the October 2012 Critical Patch Update to address multiple security vulnerabilities in multiple Oracle products.
The urgency and severity ratings of this alert are not tailored to individual users; users may value alerts differently based upon their network configurations and circumstances. THE ALERT, AND INFORMATION CONTAINED THEREIN, ARE PROVIDED ON AN "AS IS" BASIS AND DO NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE ALERT, AND INFORMATION CONTAINED THEREIN, OR MATERIALS LINKED FROM THE ALERT, IS AT YOUR OWN RISK. INFORMATION IN THIS ALERT AND ANY RELATED COMMUNICATIONS IS BASED ON OUR KNOWLEDGE AT THE TIME OF PUBLICATION AND IS SUBJECT TO CHANGE WITHOUT NOTICE. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.