A security flaw has been identified in the Oracle server that is part of SUSE Manager. The flaw can be exploited to execute arbitrary commands against the database.
Package:
Oracle server
Operating systems:
SUSE Linux Enterprise Server (SLES) 11
Problem:
error in a software component
Exploitation:
remote
Impact:
execution of arbitrary commands
Solution:
vendor software patch
CVE:
CVE-2012-1675
Original advisory ID:
SUSE-SU-2012:0765-1
Source:
SUSE
Problem:
The flaw results from errors in the TNS Listener component.
Impact:
A remote attacker can exploit this flaw to execute arbitrary commands against the database.
Solution:
All users are advised to apply the official software update.
SUSE Security Update: Security update for oracle-update
______________________________________________________________________________
Announcement ID: SUSE-SU-2012:0765-1
Rating: important
References: #736238 #757705 #760074 #760660 #763895 #764049
Cross-References: CVE-2012-1675
Affected Products:
SUSE Manager 1.2 for SLE 11 SP1
______________________________________________________________________________
An update that solves one vulnerability and has 5 fixes is
now available.
Description:
This package wraps the Oracle Server update process for the
Oracle server included in SUSE Manager.
On installation of this package it will pull and install
the Oracle updates and patches, integrated so that SUSE
Manager is correctly stopped, the databases converted and
restarted.
It contains a security helper script that may adjust the
Oracle server listening on all network interfaces to just
listen on localhost (CVE-2012-1675).
To switch to a configuration that will restrict the
listener to localhost only run the following command as
root:
   spacewalk-service stop
   /opt/apps/db-update/smdba-netswitch localhost
   spacewalk-service start
In case you want to revert to the previous configuration,
just run:
   spacewalk-service stop
   /opt/apps/db-update/smdba-netswitch worldwide
   spacewalk-service start
Security Issue references:
* CVE-2012-1675
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1675>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Manager 1.2 for SLE 11 SP1:
zypper in -t patch sleman12sp1-oracle-update-6368
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Manager 1.2 for SLE 11 SP1 (x86_64):
oracle-update-0.1-0.5.8.1
References:
http://support.novell.com/security/cve/CVE-2012-1675.html
https://bugzilla.novell.com/736238
https://bugzilla.novell.com/757705
https://bugzilla.novell.com/760074
https://bugzilla.novell.com/760660
https://bugzilla.novell.com/763895
https://bugzilla.novell.com/764049
http://download.novell.com/patch/finder/?keywords=a0b8b5031c3d0c502432381a5213b6c2
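To confirm the effect of the localhost switch described in the announcement, the following added example (not part of the SUSE announcement or of the oracle-update package) classifies listening sockets from `netstat -ltn` or `ss -ltn` output. The helper name, the sample lines and port 1521 (Oracle's default listener port, which the announcement does not state) are assumptions.

```shell
#!/bin/sh
# Added example, not part of oracle-update. check_listener_binding is a
# hypothetical helper; port 1521 is Oracle's default listener port and an
# assumption here (the announcement does not name the port).
# Reads `netstat -ltn` or `ss -ltn` output on stdin (local address = field 4).
# Exit status: 0 loopback only, 1 reachable beyond loopback, 2 not listening.
check_listener_binding() {
    awk -v port="${1:-1521}" '
        /LISTEN/ {
            addr = $4
            if (!match(addr, /:[0-9]+$/)) next      # no numeric port suffix
            if (substr(addr, RSTART + 1) != port) next
            host = substr(addr, 1, RSTART - 1)
            gsub(/^\[|\]$/, "", host)               # ss prints [::1]:1521
            sub(/%.*$/, "", host)                   # drop scope id such as %lo
            found = 1
            if (host ~ /^(::ffff:)?127\./ || host == "::1") {
                print "LOOPBACK " addr
            } else {                                # 0.0.0.0, ::, * or a NIC address
                print "EXPOSED " addr
                bad = 1
            }
        }
        END { if (!found) exit 2; exit bad + 0 }
    '
}

# Constructed netstat -ltn lines (not captured from a real host).
SAMPLE_WORLDWIDE='tcp   0   0 0.0.0.0:1521     0.0.0.0:*   LISTEN
tcp   0   0 :::22            :::*        LISTEN'
SAMPLE_LOCALHOST='tcp   0   0 127.0.0.1:1521   0.0.0.0:*   LISTEN
tcp   0   0 ::1:1521         :::*        LISTEN'

printf '%s\n' "$SAMPLE_WORLDWIDE" | check_listener_binding 1521 || echo "status $?"
printf '%s\n' "$SAMPLE_LOCALHOST" | check_listener_binding 1521 || echo "status $?"
# On a live host: netstat -ltn | check_listener_binding 1521
```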