-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Reference: CERT-EU Security Advisory 2013-0013 Title: Oracle Critical Patch Update - Junuary 2013 Version history: 23.01.2013 Initial publication Summary ======= The Critical Patch Update for Junuary 2013 [1] were released. Oracle strongly recommends applying the patches as soon as possible. Please note that Sun products are included in this Critical Patch Update. Be aware that Sun and MySQL patches have also been included in this realised. The Critical Patch Update Advisory [2] is the starting point for relevant information. It includes a list of products affected, pointers to obtain the patches, a summary of the security vulnerabilities, and links to other important documents. Also, it is essential to review the Critical Patch Update supporting documentation referenced in the Advisory before applying patches, as this is where you can find important pertinent information. And the information concerning the fixed vulnerabilities [3]. Affected Products and Versions: ============================== Oracle Critical Patch Update Advisory - Junuary 2013: ==================================================== Oracle Database 11g Release 2, versions 11.2.0.2, 11.2.0.3 Oracle Database 11g Release 1, version 11.1.0.7 Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5 Oracle Database Mobile Server, version 11.1.0.0 Oracle Database Lite Server, version 10.3.0.3 Oracle Access Manager/Webgate, versions 10.1.4.3.0, 11.1.1.5.0, 11.1.2.0.0 Oracle GoldenGate Veridata, version 3.0.0.11.0 Management Pack for Oracle GoldenGate, version 11.1.1.1.0 Oracle Outside In Technology, versions 8.3.7, 8.4 Oracle WebLogic Server, versions 9.2.4, 10.0.2, 10.3.5, 10.3.6, 12.1.1 Application Performance Management versions 6.5, 11.1, 12.1.0.2 Enterprise Manager Grid Control 11g Release 1, version 11.1.0.1 Enterprise Manager Grid Control 10g Release 1, version 10.2.0.5 Enterprise Manager Plugin for Database 12c Release 1, versions 12.1.0.1, 12.1.0.2 Oracle E-Business Suite Release 12, versions 12.0.6, 12.1.1, 12.1.2, 12.1.3 Oracle E-Business Suite Release 11i, version 11.5.10.2 Oracle Agile PLM Framework, version 9.3.1.1 Oracle PeopleSoft HRMS, versions 9.0, 9.1 Oracle PeopleSoft PeopleTools, versions 8.51, 8.52 Oracle JD Edwards EnterpriseOne Tools, versions 8.9, 9.1 Oracle Siebel CRM, versions 8.1.1, 8.2.2 Oracle VM VirtualBox, versions 4.0, 4.1, 4.2 Oracle MySQL Server, versions 5.1.66 and earlier, 5.5.28 and earlier What can you do? ================ Deploy the updated versions of the software [2]. What to tell your users? ======================== N/A More information ================ [1] http://www.oracle.com/technetwork/topics/security/alerts-086861.html [2] http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html [3] Information about CVSS: http://www.first.org/cvss/cvss-guide.html Best regards, CERT-EU (http://cert.europa.eu) Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383 * CERT for the European Institutions * 0x46AC4383:0xC8F12568(L) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBAgAGBQJQ//euAAoJEPpzpNLI8SVoWOEP/RL+f1m/k/18UEFcc0LeNiMV LuKf2DNCGwhTvnqc6PpIYIIEo/bAODPQd00Q7TBDwNARvU1eefpkneCVucAOsgBt n/dOShRFUJKYr+4ry1PDz/oGSHft5FYfx/9kTyqWP54/cm4qBvNeoQYw8iRJoEae BDzCz/7uHHFDj5OXffat/Hr1G0xQHDFim7vXhBrUM9BadJM5WC5oYMThY1MznS83 J7hRkCFwq++6N5t68R42L3FgymJ22BBQF2vCBlLllUV7QT4UoDg/Jo0dfMIE7VKW o1gkuV8KAad/iS3OhuE/qtrOhaNvNAO5vliyW4WtRVlX+GJHTnUYdt93/Of/1Lq1 S5VBa5jHGfy3cOUNxCGGT042Vv4kFRG7x5/HwqwFCGvmWDM9Nf6WcVYZRkv7e3rz CHWEsRW6D8N1h/o/MGtM0yqtz1XMRxhNNZ8/IekOujpovMskGyU7DuGjTVsxUk2O NL31YPMviBQiGdvAgsPD0b3vd80Jzn/r/yCBgLOiI/rAaH5UmQmBNSXSbg1Klu3x RzUAp/i8VJyPKKRab8neTGOMVhKgr7NNqEdbwfA59/g4l1v6mXY7W/ILQC5Bi6Iq x5M1NtVRD/Sx0IoIx+emK/+JPrfZcQP8PgjH0VtkALbMyEXAU5zMHIGoHJEdRS4K Io+gcfTYwjqfOH6ZHKQT =1/VW -----END PGP SIGNATURE-----