{"id":788,"date":"2012-05-08T11:23:37","date_gmt":"2012-05-08T09:23:37","guid":{"rendered":"http:\/\/www.oradba.ch\/?p=788"},"modified":"2012-05-08T11:23:38","modified_gmt":"2012-05-08T09:23:38","slug":"important-links-around-the-oracle-cpu-psu-april-2012","status":"publish","type":"post","link":"https:\/\/www.oradba.ch\/wordpress\/2012\/05\/important-links-around-the-oracle-cpu-psu-april-2012\/","title":{"rendered":"Important links around the Oracle CPU \/ PSU April 2012"},"content":{"rendered":"<p>I&#8217;ve been out of office when the April CPU \/ PSU has been officially released by Oracle and missed to write a blog post. Nevertheless I&#8217;ll now take the chance to put a few information and links around the latest CPU together.<br \/>\nThe current CPU \/ PSU patches are available for 10g and 11g, whereby the download of 10g patches is only possible with a corresponding Extended Support contract.<br \/>\nOverall Oracle addressed 88 vulnerabilities for several Oracle products in this security advisory. 6 of these fixes are just for the Oracle Database Server and one for client-only installations. The maximum CVSS base score for pure Oracle Server vulnerabilities is 9.0, which is quite high. But the big bang are not security fixes with a CVSS of 9.0 but old vulnerabilities which are not fixed. oracle addressed them with a dedicated alert <a href=\"http:\/\/www.oracle.com\/technetwork\/topics\/security\/alert-cve-2012-1675-1608180.html\">Oracle Security Alert for CVE-2012-1675<\/a>. The alert is related to an issue identified by Joxean Koret somewhen in 2008 and known as <a href=\"http:\/\/seclists.org\/fulldisclosure\/2012\/Apr\/204\">TNS Poison<\/a> I&#8217;ll post a few comments on this later this week.<\/p>\n<p>Affected database component according to the <a href=\"http:\/\/www.oracle.com\/technetwork\/topics\/security\/cpuapr2012-366314.html#AppendixDB\">Database Server Risk Matrix<\/a>:<\/p>\n<ul>\n<li>Core RDBMS (mainly Oracle Net)<\/li>\n<li>OCI<\/li>\n<li>Application Express<\/li>\n<li>Enterprise Manager Base Platform<\/li>\n<\/ul>\n<p>The Database Server Patch&#8217;s are available for Oracle Database 11g Release 2 (11.2.0.2, 11.2.0.3), Oracle Database 11g Release (11.1.0.7) and Oracle Database 10g Release 2 (10.2.0.3, 10.2.0.4, 10.2.0.5). There is no patch available for Oracle Database 10g Release 1 (10.1.0.5).<\/p>\n<ul>\n<li><a href=\"https:\/\/support.oracle.com\/CSP\/main\/article?cmd=show&#038;type=NOT&#038;id=1406574.1#CHDHGEJG\">Oracle Database 11.2.0.3<\/a> => normal CPU\/PSU<\/li>\n<li><a href=\"https:\/\/support.oracle.com\/CSP\/main\/article?cmd=show&#038;type=NOT&#038;id=1406574.1#CHDEBEJC\">Oracle Database 11.2.0.2<\/a> => normal CPU\/PSU<\/li>\n<li><a href=\"https:\/\/support.oracle.com\/CSP\/main\/article?cmd=show&#038;type=NOT&#038;id=1406574.1#CHDGJFBG\">Oracle Database 11.1.0.7<\/a> => normal CPU\/PSU<\/li>\n<li><a href=\"https:\/\/support.oracle.com\/CSP\/main\/article?cmd=show&#038;type=NOT&#038;id=1406574.1#BABECAJA\">Oracle Database 10.2.0.x<\/a> => normal CPU\/PSU<\/li>\n<\/ul>\n<p>A bunch of useful links around the current CPU \/ PSU:<\/p>\n<ul>\n<li><a href=\"http:\/\/www.oracle.com\/technetwork\/topics\/security\/cpuapr2012-366314.html\">Oracle Critical Patch Update Advisory &#8211; April 2012<\/a><\/li>\n<li>Oracle Critical Patch Update April 2012 Documentation Map <em><a href=\"https:\/\/support.oracle.com\/CSP\/main\/article?cmd=show&#038;type=NOT&#038;id=1395797.1\">[1395797.1]<\/a><\/em><\/li>\n<li>Patch Set Update and Critical Patch Update April 2012 Availability Document<em><a href=\"https:\/\/support.oracle.com\/CSP\/main\/article?cmd=show&#038;type=NOT&#038;id=1406574.1\">[1406574.1]<\/a><\/em><\/li>\n<li>The security alert after the critical patch update advisory <a href=\"http:\/\/www.oracle.com\/technetwork\/topics\/security\/alert-cve-2012-1675-1608180.html\">Oracle Security Alert for CVE-2012-1675<\/a>. I&#8217;ll write a bit more information in a separate post.<\/li>\n<\/ul>\n<p>As well as a few generic links about CPU \/ PSU:<\/p>\n<ul>\n<li><a href=\"http:\/\/www.oracle.com\/technetwork\/topics\/security\/alerts-086861.html\">Critical Patch Updates and Security Alerts<\/a><\/li>\n<li>Release Schedule of Current Database Releases <em><a href=\"https:\/\/support.oracle.com\/CSP\/main\/article?cmd=show&#038;type=NOT&#038;id=742060.1\">[ID 742060.1]<\/a><\/em><\/li>\n<li>Risk Matrix Glossary &#8211; terms and definitions for Critical Patch Update risk matrices <em><a href=\"https:\/\/support.oracle.com\/CSP\/main\/article?cmd=show&#038;type=NOT&#038;id=394486.1\">[ID 394486.1]<\/a><\/em><\/li>\n<li>Use of Common Vulnerability Scoring System (CVSS) by Oracle <em><a href=\"https:\/\/support.oracle.com\/CSP\/main\/article?cmd=show&#038;type=NOT&#038;id=394487.1\">[ID 394487.1]<\/a><\/em><\/li>\n<li>DB, FMW, EM Grid Control, and OCS Software Error Correction Support Policy <em><a href=\"https:\/\/support.oracle.com\/CSP\/main\/article?cmd=show&#038;type=NOT&#038;id=209768.1\">[ID 209768.1<\/a>]<\/em><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>A few weeks ago oracle officially released the CPU \/ PSU Patches for April 2012. The Critical Patch Updates contains 88 security fixes across all products. But only 6 out of this 88 fixes are for Oracle databases. This post will summarize a bit the information and links around this CPU \/ PSU release.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[46,11],"tags":[50,138,18],"class_list":["post-788","post","type-post","status-publish","format-standard","hentry","category-cpu","category-security","tag-advisory","tag-cpu","tag-trivadiscontent"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p1aErb-cI","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":757,"url":"https:\/\/www.oradba.ch\/wordpress\/2012\/01\/update-oracle-released-cpu-psu-january-2012\/","url_meta":{"origin":788,"position":0},"title":"Update: Oracle released CPU \/ PSU January 2012","author":"Stefan","date":"24. January 2012","format":false,"excerpt":"Oracle has officially released the CPU \/ PSU Patches for january 2012. The Critical Patch Updates contains 78 security fixes across all products. But only two out of this 78 fixes are for Oracle databases.","rel":"","context":"In &quot;11gR1&quot;","block_context":{"text":"11gR1","link":"https:\/\/www.oradba.ch\/wordpress\/category\/oracle-database\/11gr1\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":689,"url":"https:\/\/www.oradba.ch\/wordpress\/2011\/10\/update-oracle-released-cpu-psu-october-2011\/","url_meta":{"origin":788,"position":1},"title":"Update: Oracle released CPU \/ PSU October 2011","author":"Stefan","date":"19. October 2011","format":false,"excerpt":"Oracle has just officially released the CPU \/ PSU Patches for october 2011. In contrast to the previously announced 56 bug fixes, there are now 57 bugfix. It looks like another bug fix for databases has been added to the CPU \/ PSU bundle.","rel":"","context":"In &quot;10gR2&quot;","block_context":{"text":"10gR2","link":"https:\/\/www.oradba.ch\/wordpress\/category\/oracle-database\/10gr2\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2815,"url":"https:\/\/www.oradba.ch\/wordpress\/2018\/10\/oracle-cpu-psu-advisory-october-2018\/","url_meta":{"origin":788,"position":2},"title":"Oracle CPU \/ PSU Advisory October 2018","author":"Stefan","date":"22. October 2018","format":false,"excerpt":"Oracle has recently published the Critical Patch Update Advisory for the October 2018. It's once more quite a heavy update with not less than 301 security vulnerability fixes across the Oracle products. The Oracle database is relatively prominently represented with 3 security vulnerabilities and a maximal CVSS rating of 9.8.\u2026","rel":"","context":"In &quot;12R2&quot;","block_context":{"text":"12R2","link":"https:\/\/www.oradba.ch\/wordpress\/category\/oracle-database\/12r2\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":3140,"url":"https:\/\/www.oradba.ch\/wordpress\/2019\/07\/oracle-cpu-psu-advisory-july-2019\/","url_meta":{"origin":788,"position":3},"title":"Oracle CPU \/ PSU Advisory July 2019","author":"Stefan","date":"17. July 2019","format":false,"excerpt":"Recently, just in the middle of the summer holidays, Oracle has released the third Critical Patch Advisory for its products. It seems there's a lot of work going on in Redwood Shore. Oracle has fixed about 319 security vulnerabilities across their products. The Oracle database is relatively prominently represented with\u2026","rel":"","context":"In &quot;11gR2&quot;","block_context":{"text":"11gR2","link":"https:\/\/www.oradba.ch\/wordpress\/category\/oracle-database\/11gr2\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":724,"url":"https:\/\/www.oradba.ch\/wordpress\/2012\/01\/oracle-cpu-psu-pre-release-announcement-januar-2012\/","url_meta":{"origin":788,"position":4},"title":"Oracle CPU \/ PSU Pre-Release Announcement Januar 2012","author":"Stefan","date":"13. January 2012","format":false,"excerpt":"Oracle has recently published the Pre-Release Announcement for the CPU Patch. This Critical Patch Update contains 78 new security vulnerability fixes for several Oracle products. 2 of these fixes are just for the Oracle Database Server.","rel":"","context":"In &quot;11gR2&quot;","block_context":{"text":"11gR2","link":"https:\/\/www.oradba.ch\/wordpress\/category\/oracle-database\/11gr2\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2270,"url":"https:\/\/www.oradba.ch\/wordpress\/2017\/04\/oracle-cpu-psu-announcement-april-2017\/","url_meta":{"origin":788,"position":5},"title":"Oracle CPU \/ PSU Announcement April 2017","author":"Stefan","date":"19. April 2017","format":false,"excerpt":"Last night Oracle released there new Critical Patch Update. From the DB perspective it is a rather small patch update. It just includes 2 fixes for security vulnerabilities on Oracle database 11.2.0.4 and 12.1.0.2. None of the vulnerabilities are remote exploitable without authentication but one fix is also for client\u2026","rel":"","context":"In &quot;11gR2&quot;","block_context":{"text":"11gR2","link":"https:\/\/www.oradba.ch\/wordpress\/category\/oracle-database\/11gr2\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/posts\/788","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/comments?post=788"}],"version-history":[{"count":3,"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/posts\/788\/revisions"}],"predecessor-version":[{"id":1150,"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/posts\/788\/revisions\/1150"}],"wp:attachment":[{"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/media?parent=788"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/categories?post=788"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/tags?post=788"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}