October 16, 2009

Heads up – Critical Patch Update affecting OBIEE

Filed under: bug, OAS, obiee, security — rmoff @ 09:40

The Critical Patch Update Pre-Release Announcement for October has been published. The pre-release is advance notice of the affected software prior to release of the quarterly Critical Patch Update. It is published on the Thursday prior to the patch releases (which was postponed by a week because of OOW).

It looks like if you’re running OBIEE or through OAS then you should check back next Tuesday 20th for details.

Paraphrasing the announcement:

Security vulnerabilities addressed by this Critical Patch Update affect the following products:
• Oracle Application Server 10g Release 3 (10.1.3), versions,
• Oracle Application Server 10g Release 2 (10.1.2), version
• Oracle Business Intelligence Enterprise Edition, versions,
Oracle Application Server Executive Summary

This Critical Patch Update contains 3 new security fixes for the Oracle Application Server. 2 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. None of these fixes are applicable to client-only installations, i.e., installations that do not have an Oracle Application Server installed.
The highest CVSS base score of vulnerabilities affecting Oracle Application Server products is 4.3.

The Oracle Application Server components affected by vulnerabilities that are fixed in this Critical Patch Update are:

* Oracle Business Intelligence Enterprise Edition

More details from the Oracle Critical Patch Updates and Security Alerts page.

[update 21st October]
Details here, patch is for BI Server so presumably the application server is irrelevant


Blog at WordPress.com.

%d bloggers like this: