Critical Security Alert: Quarterly Oracle Security Vulnerabilities Affect Various Software Products for Servers. Immediate Action Required.
Friday, July 17, 2009
Oracle Corporation has released critical security updates to correct 10 new security vulnerabilities affecting a variety of its software products, including its database products.
Oracle recommends that all users identify, test, and install the appropriate security patches. For more information about the Oracle patches that address these vulnerabilities, please refer to Oracle's Web site at http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html.
Oracle is releasing these security updates as part of its quarterly patch cycle. This Critical Patch Update contains 10 new security patches for the Oracle Database.
Oracle products affected by these security vulnerabilities include the following:
- Oracle Database 11g, versions 11.1.0.6, 11.1.0.7
- Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4
- Oracle Database 10g, version 10.1.0.5
- Oracle Database 9i Release 2, versions 9.2.0.8, 9.2.0.8DV
An attacker who successfully exploits these vulnerabilities could cause a denial of service, execute arbitrary commands, read and overwrite arbitrary files, disclose sensitive information, conduct SQL injection and cross-site scripting attacks, or bypass certain security restrictions.
Please contact the Technology Help Desk at 412 624-HELP [4357] if you have any questions or need assistance downloading and installing the appropriate security updates.
