2005年4月14日,Oracle针对多个安全漏洞发布了一个累积性更新。在厂商公告中,主要包括关于认证机制和数据访问控制的漏洞,但没有披露各漏洞的细节。
受影响的平台:
Oracle Database 1g 1, versions 10.1.0.2, 10.1.0.3, 10.1.0.3.1, 10.1.0.4 (10.1.0.3.1 is supported for Oracle Application Server Only)
Oracle9i Database Server Release 2, versions 9.2.0.5,9.2.0.6
Oracle9i Database Server Release 1, versions 9.0.1.4,9.0.1.5,9.0.4 (9.0.1.5 FIPS) (all of which are supported for Oracle Application Server only)
Oracle8i Database Server Release 3, version 8.1.7.4
Oracle Application Server 10g Release 2 (10.1.2)
Oracle Application Server 10g (9.0.4), versions 9.0.4.0, 9.0.4.1
Oracle9i Application Server Release 2, versions 9.0.2.3, 9.0.3.1
Oracle9i Application Server Release 1, version 1.0.2.2
Oracle Collaboration Suite Release 2, versions 9.0.4.1,9.0.4.2
Oracle E-Business Suite and Applications Release 11i,versions11.5.0 through 11.5.10
Oracle E-Business Suite and Applications Release 11.0
Oracle Enterprise Manager Grid Control 10g, versions10.1.0.2, 10.1.0.3
Oracle Enterprise Manager versions 9.0.4.0, 9.0.4.1
PeopleSoft EnterpriseOne Applications, versions 8.9 SP2 and 8.93
PeopleSoft OneWorldXe/ERP8 Applications, versions SP22 and higher
解决方案:建议及时安装补丁。
参考信息:
http://www.ciac.org/ciac/bulletins/p-182.shtml
http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf
(T114)
