Alert GCSA-23006 - Oracle Critical Patch Update Advisory - January 2023


******************************************************************

Alert ID: GCSA-23006
Date: 20 January 2023
Title: Oracle Critical Patch Update Advisory - January 2023

******************************************************************

:: Problem description

Oracle has released the January 2023 Critical Patch Update.
The update fixes 327 vulnerabilities present in various
products, 146 of them rated "high" severity and 71 rated
"critical" severity.

A remote attacker could exploit some of these
vulnerabilities to take control of an affected system.
Oracle recommends applying the updates as soon as possible.

More information is available in the "References" section.


:: Affected software

Big Data Graph
Commerce
Communications
Communications Applications
Construction and Engineering
Database Server
E-Business Suite
Enterprise Manager
Essbase
Financial Services Applications
Food and Beverage Applications
Fusion Middleware
Global Lifecycle Management
GoldenGate
Graph Server and Client
Health Sciences Applications
HealthCare Applications
Hospitality Applications
Hyperion
Insurance Applications
Java SE
JD Edwards
MySQL
PeopleSoft
Retail Applications
Siebel CRM
Spatial Studio
Supply Chain
Support Tools
Systems
TimesTen In-Memory Database
Utilities Applications
Virtualization

For a complete description, see the official advisory
in the "References" section.


:: Impact

Denial of Service (DoS)
Data Manipulation (Tampering)
Remote arbitrary code execution (RCE)
Information disclosure (ID)
Security feature bypass (SFB)

The impact of the vulnerabilities varies by product,
component and system configuration.


:: Solutions

Apply the appropriate patches or perform the relevant
update following the instructions released by Oracle.

Some applications that use the affected software
may not work correctly after updating
to the latest version. Perform the update
after considering every possible impact.

Java SE Downloads
https://www.oracle.com/java/technologies/javase-downloads.html

Free Java Download
https://java.com/en/download/


:: References

Oracle Critical Patch Update
https://www.oracle.com/security-alerts/cpujan2023.html
https://www.oracle.com/security-alerts/cpujan2023verbose.html

Oracle Critical Patch Updates, Security Alerts and Bulletins
https://www.oracle.com/security-alerts/

Oracle Java SE Support Roadmap
https://www.oracle.com/java/technologies/java-se-support-roadmap.html

CSIRT Italia
https://www.csirt.gov.it/contenuti/critical-patch-update-di-oracle-al05-230118-csirt-ita

CVE references are available in the original advisory.
Listed below are only the Mitre CVEs rated "critical" severity.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1273
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7489
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10683
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36242
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31805
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3918
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41411
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2274
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22965
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22978
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23219
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23221
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23305
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23457
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25236
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2526
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25315
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27404
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31692
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31813
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32221
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33980
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37434
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37454
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40664
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42889
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42915
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42920
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43403
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45047
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21890




GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert



