Posts

Patch Tuesday February 2016

Yet another Patch Tuesday has come upon us.
Microsoft released 13 updates, some of which fix critical issues, to address vulnerabilities in their product line. Adobe, on the other hand, has released patches that address 22 vulnerabilities in their Adobe Flash and Adobe Acrobat/Reader products.
Oracle also pushed out a new update – Java SE 8, Update 73.

Microsoft
Adobe

Patch Tuesday October 2014

Another month, another Patch Tuesday!

Microsoft issued eight security bulletins that address over two dozen vulnerabilities, including the previously mentioned SandWorm.

Adobe has released security hotfixes for ColdFusion versions for all platforms. These hotfixes address a security permissions issue that could be exploited by an unauthenticated local user to bypass IP address access control restrictions applied to the ColdFusion Administrator. Cross-site scripting and cross-site request forgery vulnerabilities are also addressed in the hotfixes.

Adobe has also released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system.

Oracle has released critical updates for a large amount of software (see link below); among the most noticeable are Oracle Database, Solaris, MySQL, VirtualBox and Java.

More information:
http://helpx.adobe.com/security/products/coldfusion/apsb14-23.html
http://helpx.adobe.com/security/products/flash-player/apsb14-22.html
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
https://technet.microsoft.com/library/security/ms14-oct

Patch Tuesday January 2014

Microsoft has released updates to address vulnerabilities in Microsoft Office, Server Software, Windows, and Microsoft Dynamics AX, as part of the Microsoft Security Bulletin Summary for January 2014. These vulnerabilities could allow remote code execution, elevation of privilege or a denial of service.

Adobe has released security updates for Adobe Flash Player (11.9.900.170) and earlier versions for Windows and Macintosh, and Adobe Flash Player (11.2.202.332) and earlier versions for Linux, to address multiple vulnerabilities that may allow an attacker to take control of the affected system.

Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.05) and earlier versions for Windows and Macintosh to address multiple vulnerabilities affecting the following software versions:
Adobe Reader XI (11.0.05) and earlier 11.x versions for Windows and Macintosh
Adobe Reader X (10.1.8) and earlier 10.x versions for Windows and Macintosh
Adobe Acrobat XI (11.0.05) and earlier 11.x versions for Windows and Macintosh
Adobe Acrobat X (10.1.8) and earlier 10.x versions for Windows and Macintosh
Exploitation of these vulnerabilities could lead to a crash or potentially allow an attacker to take control of the affected system.

Oracle has released its Critical Patch Update for January 2014 to address 144 vulnerabilities across multiple products. This update contains the following security fixes:
5 for Oracle Database Server
22 for Oracle Fusion Middleware
2 for Oracle Hyperion
4 for Oracle E-Business Suite
16 for Oracle Supply Chain Products Suite
17 for Oracle PeopleSoft Products
2 for Oracle Siebel CRM
1 for Oracle iLearning
1 for Oracle Financial Services Software
36 for Oracle Java SE
11 for Oracle and Sun Systems Products Suite
9 for Oracle Virtualization
18 for Oracle MySQL

More information:
http://technet.microsoft.com/en-us/security/bulletin/ms14-jan
http://helpx.adobe.com/security/products/acrobat/apsb14-01.html
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
http://helpx.adobe.com/security/products/flash-player/apsb14-02.html
http://www.us-cert.gov/ncas/current-activity/2014/01/10/Microsoft-Releases-Advance-Notification-January-Security-Bulletin
https://www.us-cert.gov/ncas/current-activity/2014/01/14/Adobe-Releases-Security-Updates-Adobe-Flash-Player
https://www.us-cert.gov/ncas/current-activity/2014/01/14/Oracle-Releases-January-2014-Security-Advisory
https://www.us-cert.gov/ncas/current-activity/2014/01/14/Adobe-Releases-Security-Updates-Adobe-Reader-and-Acrobat

Oracle fixes vulnerabilities

Oracle have released fixes for fifty-one vulnerabilities, twelve of which are critical.

Oracle Java SE: 51
Oracle Database Server: 4
Oracle Fusion Middleware: 17
Oracle Enterprise Manager Grid Control: 4
Oracle E-Business Suite: 1
Oracle Supply Chain Products Suite: 2
Oracle PeopleSoft Products: 8
Oracle Siebel CRM: 9
Oracle iLearning: 2
Oracle Industry Applications: 6
Oracle Financial Services Software: 1
Oracle Primavera Products Suite: 2
Oracle and Sun Systems Products Suite: 12
Oracle Virtualization: 2
Oracle MySQL: 12

More information: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html

Oracle Patch Advisory July 2013

Oracle have released their Patch Advisory for July 2013, and this time it contains 89 items to be patched. The following affected versions have been patched:

Oracle Database 11g Release 2, versions 11.2.0.2, 11.2.0.3
Oracle Database 11g Release 1, version 11.1.0.7
Oracle Database 10g Release 2, versions 10.2.0.4, 10.2.0.5
Oracle Access Manager, versions 11.1.1.5.0, 11.1.1.7.0, 11.1.2.0.0
Oracle Endeca Server, versions 7.4.0, 7.5.1.1
Oracle HTTP Server, versions 10.1.3.5.0
Oracle JRockit, versions R27.7.5 and earlier, R28.2.7 and earlier
Oracle Outside In Technology, versions 8.3.7, 8.4.0, 8.4.1
Oracle WebCenter Content, versions 10.1.3.5.1, 11.1.1.6.0, 11.1.1.7.0
Oracle Hyperion BI, versions 11.1.1.3, 11.1.1.4.107 and earlier, 11.1.2.1.129 and earlier, 11.1.2.2.305 and earlier
Enterprise Manager Plugin for Database 12c Release 1, versions 12.1.0.2, 12.1.0.3
Enterprise Manager Grid Control 11g Release 1, version 11.1.0.1
Enterprise Manager Grid Control 10g Release 1, version 10.2.0.5
Oracle E-Business Suite Release 12i, versions 12.0.6, 12.1.1, 12.1.2, 12.1.3
Oracle E-Business Suite Release 11i, version 11.5.10.2
Oracle Agile Collaboration Framework, version 9.3.1
Oracle Agile PLM Framework, version 9.3.1
Oracle Agile Product Framework, version 9.3.1
Oracle PeopleSoft Enterprise Portal, version 9.1
Oracle PeopleSoft HRMS, version 9.1
Oracle PeopleSoft PeopleTools, versions 8.51, 8.52, 8.53
Oracle iLearning, versions 5.2.1, 6.0
Oracle Policy Automation, versions 10.2.0, 10.3.0, 10.3.1, 10.4.0, 10.4.1, 10.4.2
Oracle and Sun Systems Product Suite
Oracle Secure Global Desktop, versions 4.6 prior to 4.63, 4.7 prior to 4.71
Oracle MySQL Server, versions 5.1, 5.5, 5.6

It is recommended to update to the latest versions as soon as possible.

More information: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html

Oracle Patches JDK/JRE

Oracle have released information about multiple critical Java vulnerabilities which affect JDK/JRE.

Affected product releases and versions
JDK and JRE 7 Update 21 and earlier
JDK and JRE 6 Update 45 and earlier
JDK and JRE 5.0 Update 45 and earlier
JavaFX 2.2.21 and earlier

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible. This Critical Patch Update contains 40 new security fixes across Java SE products, of which 4 are applicable to server deployments of Java.

More information: http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html

Oracle Patch Update April 2013

Oracle has released patch information for their April 2013 updates. This contains 128 security patches, with a lot of them being critical and for Java! Because of this, we advise users to update their applications as soon as possible!

Security vulnerabilities addressed by this Critical Patch Update affect the following products:

Oracle Database 11g Release 2, versions 11.2.0.2, 11.2.0.3
Oracle Database 11g Release 1, version 11.1.0.7
Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5
Oracle Application Express, versions prior to 4.2.1
Oracle Containers for J2EE, version 10.1.3.5
Oracle COREid Access, version 10.1.4.3
Oracle GoldenGate Veridata, version 3.0.0.11
Oracle HTTP Server, versions 10.1.3.5.0, 11.1.1.5.0, 11.1.1.6.0
Oracle JRockit, versions R27.7.4 and earlier, R28.2.6 and earlier
Oracle Outside In Technology, versions 8.3.7, 8.4.0
Oracle WebCenter Capture, version 10.1.3.5.1
Oracle WebCenter Content, versions 10.1.3.5.1, 11.1.1.6.0
Oracle WebCenter Interaction, versions 6.5.1, 10.3.3.0
Oracle WebCenter Sites, versions 7.6.2, 11.1.1.6.0, 11.1.1.6.1
Oracle WebLogic Server, versions 10.0.2, 10.3.5, 10.3.6, 12.1.1
Oracle Web Services Manager, version 11.1.1.6
Oracle E-Business Suite Release 12, versions 12.0.6, 12.1.1, 12.1.2, 12.1.3
Oracle E-Business Suite Release 11i, version 11.5.10.2
Oracle Agile EDM, versions 6.1.1.0, 6.1.2.0, 6.1.2.2
Oracle Transportation Management, versions 5.5.05, 6.2
Oracle PeopleSoft HRMS, version 9.1
Oracle PeopleSoft PeopleTools, versions 8.51, 8.52, 8.53
Oracle Siebel CRM, versions 8.1.1, 8.2.2
Oracle Clinical Remote Data Capture Option, versions 4.6.0, 4.6.6
Oracle Retail Central Office, versions 13.1, 13.2, 13.3, 13.4
Oracle Retail Integration Bus, versions 13.0, 13.1, 13.2
Oracle FLEXCUBE Direct Banking, versions 2.8.0 – 12.0.1
Primavera P6 Enterprise Project Portfolio Management, versions 7.0, 8.1, 8.2
Oracle and Sun Systems Product Suite
Oracle Sun Middleware Products
Oracle MySQL Server, versions 5.1, 5.5, 5.6
Oracle Automatic Service Request, versions prior to 4.3.2

More information: http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html