Alert GCSA-23088 - Oracle Critical Patch Update Advisory - July 2023


******************************************************************

alert ID: GCSA-23088
date: 20 July 2023
title: Oracle Critical Patch Update Advisory - July 2023

******************************************************************

:: Problem description

Oracle has released the July 2023 Critical Patch Update.
The update fixes 508 vulnerabilities across various products.

A remote attacker could exploit some of these
vulnerabilities to take control of an affected system.
Oracle recommends applying the updates as soon as possible.

More information is available in the "References" section.


:: Affected software

Oracle Analytics
Oracle Application Express
Oracle Big Data Spatial and Graph
Oracle Commerce
Oracle Communications
Oracle Communications Applications
Oracle Construction and Engineering
Oracle Database Server
Oracle E-Business Suite
Oracle Enterprise Manager
Oracle Essbase
Oracle Financial Services Applications
Oracle Food and Beverage Applications
Oracle Fusion Middleware
Oracle GoldenGate
Oracle Graph Server and Client
Oracle Health Sciences Applications
Oracle Hospitality Applications
Oracle Hyperion
Oracle Insurance Applications
Oracle Java SE
Oracle JD Edwards
Oracle MySQL
Oracle NoSQL Database
Oracle PeopleSoft
Oracle Policy Automation
Oracle Retail Applications
Oracle Secure Backup
Oracle Siebel CRM
Oracle Spatial Studio
Oracle Supply Chain
Oracle Systems
Oracle TimesTen In-Memory Database
Oracle Utilities Applications
Oracle Virtualization

For a complete description, refer to the official advisory
in the "References" section.


:: Impact

Remote execution of arbitrary code (RCE)
Denial of Service (DoS)
Security feature bypass (SFB)
Data Manipulation (Tampering)
Information disclosure (ID)

The impact of the vulnerabilities varies depending on the product,
the component and the system configuration.


:: Solutions

Apply the appropriate patches or perform the relevant
update following the instructions released by Oracle.

Some applications that use the affected software
may not work correctly after updating
to the latest version. Perform the update
after considering every possible impact.

Java SE Downloads
https://www.oracle.com/java/technologies/downloads/

Free Java Download
https://www.java.com/en/download/manual.jsp


:: References

Oracle Critical Patch Updates, Security Alerts and Bulletins
https://www.oracle.com/security-alerts/
https://www.oracle.com/security-alerts/cpujul2023.html
https://www.oracle.com/security-alerts/cpujul2023verbose.html

Oracle Java SE Support Roadmap
https://www.oracle.com/java/technologies/java-se-support-roadmap.html

CSIRT Italia - Oracle Critical Patch Update
https://www.csirt.gov.it/contenuti/critical-patch-update-di-oracle-al03-230719-csirt-ita

Mitre CVE
Only the CVEs for vulnerabilities rated "critical" are listed below
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1282
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13990
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17531
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35169
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23926
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24112
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42575
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43113
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23305
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27404
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29361
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31692
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33980
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36944
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37434
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37865
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41853
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42920
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45047
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46364
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20862
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20873
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21974
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21975
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23914
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26119







