Microsoft has released an additional security bulletin and software updates to address third-party controls in FAST Search Server for SharePoint first fixed in the Oracle Critical Patch Update for October 2012.
Description
Oracle has released the October 2012 Critical Patch Update. The update contains 109 new security fixes that address multiple Oracle product families. The fixes correct multiple vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code, cause a denial of service condition, or access sensitive information on targeted systems.
The following Oracle products are affected:
Oracle Database Server versions 10.2.0.5 and prior, 11.1.0.7, and 11.2.0.3 and prior
Oracle Fusion Middleware version 11.1.1.6
Oracle Forms and Reports versions 11.1.1.4 and 11.1.2.0
Oracle BI Publisher versions 10.1.3.4.2 and 11.1.1.6.2 and prior
Oracle Event Processing versions 2.0 and 11.1.1.6.0 and prior
Oracle Identity Management version 10.1.4.3
Oracle Imaging and Process Management version 10.1.3.6.0
Oracle JRockit versions R27.7.3 and prior and R28.2.4 and prior
Oracle Outside In Technology version 8.3.7
Oracle WebLogic Server versions 9.2.4.0, 10.0.2.0, 10.3.5.0, 10.3.6.0, and 12.1.1.0
Oracle WebCenter Sites versions 6.1, 6.2, 6.3, 7.0.3 and prior, 7.5, 7.6.2 and prior, and 11.1.1.6.0
Oracle E-Business Suite versions 11.5.10.2, 12.0.6, and 12.1.3 and prior
Oracle Agile PLM for Process versions 5.2.2, 6.0.0.6.3, 6.1.0.0, and 6.1.0.1.14
Oracle Agile PLM Framework versions 9.3.1.1 and prior
Oracle Agile Product Supplier Collaboration for Process versions 5.2.2 and 6.1.0.0
Oracle PeopleSoft Enterprise Campus Solutions version 9.0
Oracle PeopleSoft Enterprise People Tools versions 8.52 and prior
Oracle Siebel UI Framework version 8.1.1
Oracle Central Designer versions 1.3, 1.4, and 1.4.2
Oracle Clinical/Remote Data Capture versions 4.6.2 and prior
Oracle FLEXCUBE Direct Banking versions 5.0.2, 5.0.5, 5.1.0, 5.2.0, 5.3.4 and prior, 6.0.1, 6.2.0, and 12
Oracle FLEXCUBE Universal Banking versions 10.5.0 and prior, 11.4.0 and prior, and 12
Oracle Sun Product Suite
Oracle Secure Global Desktop version 4.6
Oracle VM Virtual Box versions 3.2, 4.0, and 4.1
Oracle MySQL Server versions 5.1.63 and prior and 5.5.25 and prior
Administrators are advised to apply the appropriate updates.
CentOS packages can be updated using the up2date or yum command.
Microsoft has released security bulletins at the following links:MS12-080 and MS13-013. Microsoft customers can obtain updates directly by using the links in the security bulletin. These updates are also distributed by Windows automatic update features and available on the Microsoft Update service. Microsoft Windows Server Update Services (WSUS), Systems Management Server, and System Center Configuration Manager can assist administrators in deploying software updates.
Red Hat has released a security advisory at the following link: RHSA-2012:1462. Red Hat has released updated software for registered subscribers at the following link: Red Hat Network. Red Hat packages can be updated on Red Hat Enterprise Linux versions 5 and later using the yum tool.
Signatures
Cisco Systems Cisco Intrusion Prevention System (IPS) 6.0
Version 3, December 11, 2012, 1:26 PM: Microsoft has released a security bulletin and software updates to address third-party controls in Exchange first fixed in the Oracle Critical Patch Update for October 2012.
Version 2, November 15, 2012, 10:08 AM: Red Hat has released a security advisory and updated packages to address the Oracle Critical Patch Update for October 2012. CentOS has also released updated packages to address these vulnerabilities.
Version 1, October 17, 2012, 3:33 AM: Oracle has released the October 2012 Critical Patch Update to address multiple security vulnerabilities in multiple Oracle products.
Alerts and bulletins on the Cisco Security Intelligence Operations Portal are highlighted by analysts in the
Cisco Threat Operations Center and represent a subset of the comprehensive content that is available through Cisco Security IntelliShield Alert Manager Service.
This customizable threat and vulnerability alert service provides security staff with access to timely, accurate, and credible information about threats and vulnerabilities that may affect their environment. Cisco is pleased to offer a free trial of the service.
To register for full access, please visit the IntelliShield trial registration page.
LEGAL DISCLAIMER The urgency and severity ratings of this alert are not tailored to individual users; users may value alerts differently based upon their network configurations and circumstances. THE ALERT, AND INFORMATION CONTAINED THEREIN, ARE PROVIDED ON AN "AS IS" BASIS AND DO NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE ALERT, AND INFORMATION CONTAINED THEREIN, OR MATERIALS LINKED FROM THE ALERT, IS AT YOUR OWN RISK. INFORMATION IN THIS ALERT AND ANY RELATED COMMUNICATIONS IS BASED ON OUR KNOWLEDGE AT THE TIME OF PUBLICATION AND IS SUBJECT TO CHANGE WITHOUT NOTICE. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.
