-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Reference: CERT-EU Security Advisory 2012-0085 Title: Pre-Release Announcement - Oracle Critical Patch Update - 17 July 2012 [1] Version history: 17.07.2012 Initial publication Summary ======= Several vulnerabilities addressed in this Critical Patch Update affect multiple products. Each vulnerability is identified by a CVE# which is a unique identifier for vulnerability. The highest CVSS 2.0 Base Score for vulnerabilities in this Critical Patch Update is 10.0 for Oracle JRockit of Oracle Fusion Middleware. This Pre-Release Announcement is based on information available at the time of publication, and the information upon which it is based may change before publication of the Critical Patch Update Advisory. CVSS Base Score (of the most critical ones) CVSS v2 Base Score: 10.0 (CRITICAL) (AV:N/AC:L/Au:N/C:C/I:C/A:C) [2] Affected Products and Versions ============================== Oracle Database 11g Release 2, versions 11.2.0.2, 11.2.0.3 Oracle Database 11g Release 1, version 11.1.0.7 Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5 Oracle Secure Backup, version 10.3.0.3, 10.4.0.1 Oracle Fusion Middleware 11g Release 2, version 11.1.2.0 Oracle Fusion Middleware 11g Release 1, versions 11.1.1.5, 11.1.1.6 Oracle Application Server 10g Release 3, version 10.1.3.5 Oracle Identity Management 10g, version 10.1.4.3 Hyperion BI+, version 11.1.1.x Oracle JRockit versions, R28.2.3 and earlier, R27.7.2 and earlier Oracle Map Viewer, versions 10.1.3.1, 11.1.1.5, 11.1.1.6 Oracle Outside In Technology, versions 8.3.5, 8.3.7 Enterprise Manager Plugin for Database 12c Release 1, versions 12.1.0.1, 12.1.0.2 Enterprise Manager Grid Control 11g Release 1, version 11.1.0.1 Enterprise Manager Grid Control 10g Release 1, version 10.2.0.5 Oracle E-Business Suite Release 12, versions 12.0.4, 12.0.6, 12.1.1, 12.1.2, 12.1.3 Oracle E-Business Suite Release 11i, version 11.5.10.2 Oracle Transportation Management, versions 5.5.06, 6.0, 6.1, 6.2 Oracle AutoVue, versions 20.0.2, 20.1 Oracle PeopleSoft Enterprise HRMS, versions 9.0, 9.1 Oracle PeopleSoft Enterprise PeopleTools, versions 8.50, 8.51, 8.52 Oracle Siebel CRM, versions 8.1.1, 8.2.2 Oracle Clinical Remote Data Capture Option, versions 4.6, 4.6.2, 4.6.3 Oracle Sun Product Suite Oracle MySQL Server, versions 5.1, 5.5 What can you do? ================ Deploy the updated versions of the software [1]. What to tell your users? ======================== N/A More information ================ [1] http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html [2] Information about CVSS: http://www.first.org/cvss/cvss-guide.html Best regards, CERT-EU Pre-configuration Team (http://cert.europa.eu) Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383 Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBAgAGBQJQBVTpAAoJEMQ9UMldbd3zmlYP/jRrCLmLaIcIMnFDvItVhxO4 cv31lsZbeVaogIyKFkVSZX0WAFIUdS6gOcmh1FKf+YW0IKKzWg3L6IS1DrXm/xBQ gcGG29OESwPmu3D3e3nRTyX/ZyU3kRqOASGyAAvGGHwDZVEsKM351378kuFWJx/F OWWBxBEeuH+l5vS8NHrm/b4T/XSTj0eZrMonoa+kCtVRpCcNW0qG6coKf0IMGDzP hjS6YsdpvxBtwj697qpzRPno2xpi3ISzbYIlGHOBJneRudJsWDvxMyFcu91Z8Gbc nUVFrcH30abTFOqU0aXiC/Uxwjl8Ti5q4/BY8H8s42wZ94gX+DOCOeC7hZLfMR8D rYdBCAMCZVn6fKD8h5zxap1U8nqDGdYtu4Xmel9bFQys458JZHSslB+XCSShElr6 6muIyV4HZqCfA0t4jI98umXmd7gaWrGU+kcen4PEi3+WHfxPuwo1QymJMYETHX8S 8UGxXgInoRGLy0R1UQF6CgPjZymUUAQVYnGbBBvTUXLMIZ8ISp3DaGOB/p7R49RI fOvrP7S7hicaWT16+pyIeIHOTmnh4hce9hm8G9Gorj0AarPTZdpoazMq9ZhY7Wf1 oU5r9rlK6/9V4lcOIcRTRtlNycoeS2P3aUGmagjehnMeidtQVG0Sl1Cix8b5gopj oJtcy5vAEdiNShvmmDO8 =U6cY -----END PGP SIGNATURE-----