甲骨文发布2012 1月数据库安全补丁Critical Patch Update January 2012

于 2013-03-19 00:51:00 发布
阅读量163 收藏
点赞数
文章标签: 数据库
甲骨文公司发布了2012年1月的关键补丁更新,此次更新修复了Oracle数据库11g及10g等多个版本的安全漏洞。共涉及27个MySQL补丁,其中部分补丁无需登录凭证即可被远程利用。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

甲骨文公司(Oracle Corp)会在今天的(2012-01-17 Tuesday)的晚些时候发布最新的数据库安全补丁Critical Patch Update January 2012; 在OTN的CPU security专题页面上已经生成了 《Oracle Critical Patch Update Pre-Release Announcement - January 2012》的页面;将要发布的安全补丁涵盖多个版本的Oracle数据库:  

Affected Products and Components

Security vulnerabilities addressed by this Critical Patch Update affect the following products:
  • Oracle Database 11g Release 2, versions 11.2.0.2, 11.2.0.3
  • Oracle Database 11g Release 1, version 11.1.0.7
  • Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5
  • Oracle Database 10g Release 1, version 10.1.0.5
  实际因为版本10gR2已经正式进入Extended Support扩展支持阶段,所以下载10.2.0.4、10.2.0.5今后的CPU、PSU将(10.2.0.4.10、10.2.0.5.5 以后)需要用户已购买甲骨文公司的扩展支持服务包。   "甲骨文称,有27个补丁是修复MySQL数据库中的安全漏洞。其中一个安全漏洞不需要登录证书就可以在网络上利用。按照通用安全漏洞评分系统(CVSS)数据库的平分,MySQL数据库安全漏洞的最高等级是5.5,属于中等风险等级。 另外两个补丁修复甲骨文数据中的安全漏洞。甲骨文还计划为Fusion中间件软件发布11个补丁。其中修复的5个安全漏洞能够远程利用,不需要用户身份识别。 在应用程序方面,甲骨文电子商务套装软件将得到3个安全补丁。供应链应用套装软件将得到1个安全补丁。仁科软件得到6个补丁。JD Edwards软件得到8个补丁。 大约17个安全补丁与Sun的产品有关,其中包括6个不需要证书就可以远程利用的安全漏洞。受影响的产品包括GlassFish企业服务器和和Solaris OS。 另外3个补丁用于甲骨文包括VirtualBox在内的虚拟化技术。"   在My Oracle Support (MOS)服务站点上已经生成了 <Oracle Critical Patch Update January 2012 Documentation Map [ID 1368685.1]>这个补丁文档patch note:   "Oracle provides Critical Patch Updates to its customers to fix security vulnerabilities. This document defines the Documentation Map to documents identifying patches and minimum releases that are required for the Oracle products to address the security vulnerabilities that are announced in the Advisory for January 2012 (the updates will be entered here when CPU is released). "   补丁列表已发布:   Patch Availability for Oracle Database 11.2.0.3  
Oracle Database 11.2.0.3UNIXMicrosoft Windows (32-Bit)Microsoft Windows x64 (64-bit)Advisory NumberComments
Oracle Database homeCPU Patch 13466801, or DB PSU Patch 13343438, or GI PSU Patch 13348650, or Database patch for Exadata Patch 13513783, or Quarterly Full Stack download for Exadata Patch 13551280Bundle Patch 13413167Bundle Patch 13413168
  Patch Availability for Oracle Database 11.2.0.2  
Oracle Database 11.2.0.2UNIXMicrosoft Windows (32-Bit)Microsoft Windows x64 (64-bit)Advisory NumberComments
Oracle Database homeCPU Patch 13343244, or DB PSU Patch 13343424, or GI PSU Patch 13343447, or Exadata Database Recommended Patch 14 Patch 13556724Bundle Patch 13413154Bundle Patch 13413155CVE-2012-0072, CVE-2012-0082
  Patch Availability for Oracle Database 11.1.0.7  
Oracle Database 11.1.0.7UNIXMicrosoft Windows (32-Bit)Microsoft Windows x64 (64-Bit)Advisory NumberComments
Oracle Database homeCPU Patch 13343453, or PSU Patch 13343461Bundle Patch 13460955Bundle Patch 13460956CVE-2012-0072, CVE-2012-0082
Oracle Database homePatch 9288120Patch 9288120Patch 9288120Released April 2011Database UIX For Oracle Secure Enterprise Search 11.1.2.x installations, follow the instructions given in MOS note Note 1359600.1.
Oracle Database homePatch 10073948Patch 10073948Patch 10073948Released April 2011Enterprise Manager Database Control UIX Not applicable to Oracle Secure Enterprise Search 11.1.2.x
Oracle Database homePatch 11738232Patch 11738232Patch 11738232Released April 2011Warehouse Builder Not applicable to Oracle Secure Enterprise Search 11.1.2.x
  Patch Availability for Oracle Database 10.2.0.5  
Oracle Database 10.2.0.5UNIXMicrosoft Windows (32-Bit)Microsoft Windows Itanium (64-Bit)Microsoft Windows x64 (64-Bit)Advisory NumberComments
Oracle Database homeCPU Patch 13343467, or PSU Patch 13343471Bundle Patch 13460967NABundle Patch 13460968CVE-2012-0072, CVE-2012-0082
Oracle Database homePatch 12536181NANANAReleased July 2011Enterprise Manager Database Control For HP-UX PA-RISC and HP-UX Itanium platforms only
Oracle Database homePatch 11738172Patch 11738172Patch 11738172Patch 11738172Released April 2011Warehouse Builder
    Patch Availability for Oracle Database 10.2.0.4  
Oracle Database 10.2.0.4UNIXAdvisory NumberComments
Oracle Database homeCPU Patch 12879912, or PSU Patch 12879929CVE-2012-0072, CVE-2012-0082
Oracle Database homePatch 12536167Released July 2011Enterprise Manager Database Control For HP-UX PA-RISC and HP-UX Itanium platforms only
Oracle Database homePatch 9249369Released April 2011Database UIX
Oracle Database homePatch 12758181Released July 2011Enterprise Manager Database Control UIX
Oracle Database homePatch 9273865Released April 2011iSqlPlus UIX
 
ComponentIBM zSeries (z/OS)Advisory NumberComments
Oracle Database homeCPU Patch 13343479CVE-2012-0072, CVE-2012-0082
  Patch Availability for Oracle Database 10.1.0.5  
Oracle Database 10.1.0.5UNIXMicrosoft Windows (32-Bit)Microsoft Windows Itanium (64-Bit)Advisory NumberComments
Oracle Database homePatch 6640838Patch 6640838Patch 6640838Released October 2010Oracle Universal Installer
Oracle Database homePatch 11842285NANAReleased July 2011Oracle Universal Installer
Oracle Database homeCPU Patch 13343482Bundle Patch 13413002Bundle Patch 13413003CVE-2012-0072, CVE-2012-0082
Oracle Database homePatch 12535977NANAReleased July 2011Enterprise Manager Database Control For HP-UX PA-RISC and HP-UX Itanium platforms only
Oracle Workspace Manager homePatch 7341989Patch 7341989Patch 7341989Released April 2009
Oracle Database homePatch 9249369Patch 9249369Patch 9249369Released April 2011Database UIX
Oracle Database homePatch 10036362Patch 10036362Patch 10036362Released April 2011Enterprise Manager Database Control UIX
Oracle Database homePatch 9273888Patch 9273888Patch 9273888Released April 2011iSqlPlus UIX
  Patch Set Update Availability for Oracle Database  
Oracle DatabaseUNIXAdvisory NumberComments
11.2.0.2.4 Database PSUPatch 13343424See Section 3.1.3.3, "Oracle Database 11.2.0.2"
11.2.0.2.4 Grid Infrastructure PSUPatch 13343447See Section 3.1.3.3, "Oracle Database 11.2.0.2"Includes CPUJan2012 and 11.2.0.2.4 Database PSU IBM: Linux on System Z and HP-UX PA-RISC are On-Request Platforms for GI PSU 11.2.0.2.4
11.2.0.2 BP12 for ExadataPatch 13556724See Section 3.1.3.3, "Oracle Database 11.2.0.2"Includes CPUJan2012 and 11.2.0.2.4 Database and Grid Infrastructure PSU fixes for Exadata
11.1.0.7.9 Database PSUPatch 13343461See Section 3.1.3.4, "Oracle Database 11.1.0.7"
11.1.0.7.7 CRS PSUPatch 11724953Released April 2011
10.2.0.5.5 Database PSUPatch 13343471See Section 3.1.3.5, "Oracle Database 10.2.0.5"
10.2.0.5.2 CRS PSUPatch 9952245Released January 2011IBM: Linux on System Z, Solaris x86-64 and HP-UX PA-RISC are On-Request Platforms for CRS PSU 10.2.0.5.2
10.2.0.4.10 Database PSUPatch 12879929See Section 3.1.3.6, "Oracle Database 10.2.0.4"Overlay PSU
10.2.0.4.4 Database PSUPatch 9352164Released April 2010Base PSU for 10.2.0.4.10
10.2.0.4.4 CRS PSUPatch 9294403Released April 2010
  在11gR2 当前最新版本11.2.0.3的第一个psu 11.2.0.3.1中修复了几十个bug:  
CPU molecules in PSU 11.2.0.3.1: PSU 11.2.0.3.1 contains the following new PSU 11.2.0.3.1 molecules: 13499128 - DB-11.2.0.3-MOLECULE-001-CPUJAN2012 13528551 - DB-11.2.0.3-MOLECULE-002-CPUJAN2012

Bug Fixes

See My Oracle Support Note 1340011.1 that documents all the non-security bugs fixed in each 11.2.0.2 Patch Set Update (PSU). PSU 11.2.0.3.1 contains the following new fixes: Automatic Storage Management 9703627 - 11.2.0.2: ROOT USE OF ASMCMD PLACES ALERT.LOG IN USER DIRECTORY 12620823 - SOL-SP64-11203:ASM INSTANCE HANG DURING CRS STACK STARTING ON THE SECOND NODE 12797765 - SOL_SP64: AFTER ALL DISKS FAILURE, DG CAN'T BE DISMOUNTED ON T2000-3 12905058 - REBOOT 2 CELL NODES, CHECKFILE FOUND CORRUPTION BLOCK IN 3 UNDO DATAFILES 12938841 - 11203_ASM_SOL_SP64:RACE BETWEEN ADD DISK AND DISMOUNT MAY CAUSE KFGUSENUM01 12950644 - RBAL HIT ORA-07445:[KFDGLOBALOPEN()+738], ASM INST ABORT   Generic 9873405 - ORA-600 DURING FAST REFRESH AFTER 11.2.0.1.0 TO 11.2.0.2.0 UPDATE.   High Availability 12718090 - LNX64-11203-RAC:DB FG RROC HIT ORA-00600[KCLCHKBLK_3] 12834027 - ORA-00600 [KJBMPRLST:SHADOW] & [KJBRASR:PKEY] IN A READ MOSTLY & SKIP LOCK ENV 12847466 - AROLTP-C: HANG SIGNATURE: 'GC CURRENT REQUEST'<='GC BUFFER BUSY ACQUIRE' 12861463 - RAC PERF: DEFAULT VALUE FOR _LM_SINGLE_INST_AFFINITY_LOCK SHOULD BE FALSE 12917230 - QUERY WITH TEMP TABLE TRANSFORMATION RUNS 5X SLOWER WAITING FOR REMASTERING 12998795 - AROLTP-C: HANG SIGNATURE: 'GC CURRENT REQUEST'<='GC BUFFER BUSY ACQUIRE' 13035804 - LACK OF DLM PSEUDO RECONFIGURATION TEXTUAL REASON   Oracle Space Management 13041324 - HCC ON ZFS AND PILLAR STORAGE 13492735 - DISALLOW ADDING NON-HCC DATAFILE TO HCC TABLESPACE   Oracle Virtual Operating System Services 13362079 - HCC SHOULD NOT BE ENABLED FOR NON ZFS/ PILLAR STORAGE ARRAY
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值