Alert GCSA-23139 - Oracle Critical Patch Update Advisory - October 2023

 




















******************************************************************

alert ID: GCSA-23139
date: 20 October 2023
title: Oracle Critical Patch Update Advisory - October 2023

******************************************************************

:: Problem description

Oracle has released the Critical Patch Update July 2023.
The update fixes 387 vulnerabilities, 19 of which are rated
"critical", in various products.

A remote attacker could exploit some of these
vulnerabilities to perform unauthorized operations on the
affected systems.
Oracle recommends applying the updates as soon as possible.

More information is available in the "References" section.


:: Affected software

Oracle Analytics
Oracle Big Data Spatial and Graph
Oracle Commerce
Oracle Communications
Oracle Communications Applications
Oracle Construction and Engineering
Oracle Database Server
Oracle E-Business Suite
Oracle Enterprise Manager
Oracle Essbase
Oracle Financial Services Applications
Oracle Fusion Middleware
Oracle Global Lifecycle Management
Oracle GoldenGate
Oracle Graph Server and Client
Oracle Health Sciences Applications
Oracle HealthCare Applications
Oracle Hospitality Applications
Oracle Hyperion
Oracle Insurance Applications
Oracle Java SE
Oracle JD Edwards
Oracle MySQL
Oracle PeopleSoft
Oracle REST Data Services
Oracle Retail Applications
Oracle Secure Backup
Oracle Siebel CRM
Oracle Supply Chain
Oracle Systems
Oracle TimesTen In-Memory Database
Oracle Utilities Applications
Oracle Virtualization

For a complete description, see the official advisory
in the "References" section.


:: Impact

Remote arbitrary code execution (RCE)
Security feature bypass (SFB)
Information disclosure (ID)
Privilege Escalation

The impact of the vulnerabilities varies depending on the product,
the component and the system configuration.


:: Solutions

Apply the appropriate patches or perform the relevant
update according to the instructions released by Oracle.

Some applications that use the affected software
may not work correctly after updating
to the latest version. Perform the update
after considering every possible impact.

Java SE Downloads
https://www.oracle.com/java/technologies/downloads/

Free Java Download
https://www.java.com/en/download/manual.jsp


:: References

Oracle Critical Patch Updates, Security Alerts and Bulletins
https://www.oracle.com/security-alerts/
https://www.oracle.com/security-alerts/cpuoct2023.html
https://www.oracle.com/security-alerts/cpuoct2023verbose.html

Oracle Java SE Support Roadmap
https://www.oracle.com/java/technologies/java-se-support-roadmap.html

CSIRT Italia - Oracle Critical Patch Update
https://www.csirt.gov.it/contenuti/critical-patch-update-di-oracle-al02-231018-csirt-ita

CIS - Center for Internet Security
https://www.cisecurity.org/advisory/oracle-quarterly-critical-patches-issued-october-17-2023_2023-123

Mitre CVE
Below we list only the CVEs for vulnerabilities rated "critical"
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41945
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26612
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29599
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33980
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36944
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42920
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20873
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22069
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22072
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22089
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22946
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23914
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34034
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3824
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38408
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39017
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39022




GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert



