CVE-2012-2142 Arbitrary Code Execution vulnerability in XPDF

CVE | Description | CVSSv2 Base Score | Component | Product and Resolution
CVE-2012-2142 | Arbitrary Code Execution vulnerability | 2.6 | XPDF | Solaris 11.2 11.2.4.6.0

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on the Oracle Critical Patch Updates and Security Alerts page.

Multiple vulnerabilities in GNU patch utility

CVE | Description | CVSSv2 Base Score | Component | Product and Resolution
CVE-2010-1679 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability | 6.8 | GNU patch utility | Solaris 11.2 11.2.4.6.0
CVE-2010-4651 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability | 5.8

CVE-2014-3956 Information Disclosure vulnerability in Sendmail

CVE | Description | CVSSv2 Base Score | Component | Product and Resolution
CVE-2014-3956 | Information Disclosure vulnerability | 1.9 | Sendmail | Solaris 11.2 11.2.4.6.0

CVE-2014-4330 Buffer Errors vulnerability in Perl

CVE | Description | CVSSv2 Base Score | Component | Product and Resolution
CVE-2014-4330 | Buffer Errors vulnerability | 2.1 | Perl | Solaris 11.2 11.2.4.6.0

CVE-2014-3248 Untrusted search path vulnerability in Facter

CVE | Description | CVSSv2 Base Score | Component | Product and Resolution
CVE-2014-3248 | Untrusted search path vulnerability | 6.2 | Facter | Solaris 11.2 11.2.4.6.0

CVE-2014-6414 Unauthenticated Access vulnerability in OpenStack Neutron

CVE | Description | CVSSv2 Base Score | Component | Product and Resolution
CVE-2014-6414 | Unauthenticated Access vulnerability | 4.0 | OpenStack Neutron | Solaris 11.2 11.2.4.6.0

CVE-2014-7144 Cryptographic Issues vulnerability in OpenStack keystonemiddleware

CVE | Description | CVSSv2 Base Score | Component | Product and Resolution
CVE-2014-7144 | Cryptographic Issues vulnerability | 4.3 | OpenStack keystonemiddleware | Solaris 11.2 11.2.4.6.0

CVE-2014-2856 Cross-site scripting (XSS) vulnerability in CUPS

CVE | Description | CVSSv2 Base Score | Component | Product and Resolution
CVE-2014-2856 | Cross-site scripting (XSS) vulnerability | 4.3 | Common Unix Printing System (CUPS) | Solaris 11.2 11.2.4.6.0

CVE-2014-7185 Integer overflow vulnerability in Python

CVE | Description | CVSSv2 Base Score | Component | Product and Resolution
CVE-2014-7185 | Integer overflow vulnerability | 6.4 | Python | Solaris 11.2 11.2.4.6.0

Multiple vulnerabilities in Nova

CVE | Description | CVSSv2 Base Score | Component | Product and Resolution
CVE-2014-2573 | Permissions, Privileges, and Access Control vulnerability | 2.3 | OpenStack Compute (Nova) | Solaris 11.2 11.2.4.6.0
CVE-2014-3608 | Resource Management Errors vulnerability | 2.7

Multiple vulnerabilities in Wireshark

CVE | Description | CVSSv2 Base Score | Component | Product and Resolution
CVE-2014-6421 | Use-after-free vulnerability | 5.0 | Wireshark | Solaris 11.2 11.2.4.6.0
CVE-2014-6422 | Buffer Errors vulnerability | 5.0
CVE-2014-6423 | Resource Management Errors vulnerability | 5.0
CVE-2014-6424 | Buffer Errors vulnerability | 5.0
CVE-2014-6425 | Buffer Errors vulnerability | 5.0
CVE-2014-6426 | Resource Management Errors vulnerability | 5.0
CVE-2014-6427 | Buffer Errors vulnerability | 5.0
CVE-2014-6428 | Buffer Errors vulnerability | 5.0
CVE-2014-6429 | Input Validation vulnerability | 5.0
CVE-2014-6430 Input (more...)

Look What We Made

As a team-building activity for our newly merged team of research, design and development, someone, who probably wishes to remain nameless, organized a glass mosaic and welding extravaganza at The Crucible in Oakland.

We split into two teams, one MIG welding, the other glass breaking, and here’s the result.

Original image, glass before firing.

Finished product, including frame.

All in all, an interesting and entertaining activity. Good times were had by all, and no one was cut (more...)

From Concept to Code

Editor’s note: Here’s a repost of a wonderful write-up of an event we did a couple weeks ago, courtesy of Friend of the ‘Lab Karen Scipi (@KarenScipi).

What Karen doesn’t mention is that she organized, managed and ran the event herself. Additional props to Ultan (@ultan) on the idea side, including the naming, Sandra Lee (@SandraLee0415) on the execution side and to Misha (@mishavaughan) for seeing the value. (more...)

Siemens Teamcenter Optimized with Oracle SuperCluster

Siemens PLM Software is a world-leading provider of product lifecycle management (PLM) software, systems and services. It has over nine million licensed seats and 77,000 customers worldwide. Siemens’ Teamcenter is one of the world's most widely used digital lifecycle management software packages.

Recently Siemens achieved Oracle SuperCluster Optimized status after testing and tuning Teamcenter 10.1 on Oracle SuperCluster with Oracle Solaris 11, Oracle WebLogic Server 12c, Oracle Database 11g Release 2 and (more...)

CVE-2014-4345 Numeric Errors vulnerability in Kerberos

CVE | Description | CVSSv2 Base Score | Component | Product and Resolution
CVE-2014-4345 | Numeric Errors vulnerability | 8.5 | Kerberos | Solaris 10 SPARC: 147793-14 X86: 147794-14; Solaris 11.2 11.2.4.6.0

ODTUG from afar

I would like to extend my apologies to those people who persevered just now with our attempt to bring to you my presentation on APEX 5 Page Designer thanks to ODTUG.

Due to the massive time zone differences, the appropriate time on my end (6am) means I connect from home - where I'm limited to an ADSL connection. My location is even a bit of a dead zone for my smartphone's 4G plan which is (more...)

Multiple vulnerabilities fixed in NSS 3.16

CVE | Description | CVSSv2 Base Score | Component | Product and Resolution
CVE-2013-1620 | Cryptographic Issues vulnerability | 4.3 | NSS | Solaris 10 SPARC: 119213-30 125358-19 X86: 119214-30 125359-19; Solaris 8 SPARC: 119209-30 125358-19 X86: 125359-19; Solaris 9 SPARC: 119211-30 125358-19 X86: 119212-30 125359-19
CVE-2013-1739 | Denial of Service (DOS) vulnerability | 5.0
CVE-2013-1740 | Cryptographic Issues vulnerability | 5.8
CVE-2013-1741 | Numeric Errors vulnerability | 7.5
CVE-2013-5605 | Input Validation vulnerability | 7.5
CVE-2013-5606 | Permissions, Privileges, and Access Control vulnerability | 5.8
CVE-2014-1490 Resource (more...)

Let Oracle GoldenGate 12c Take You to the Cloud

Nov 20, 2014

If your organization is in the ~80% of the global business community, you are most likely working on a cloud computing strategy for your organization, or actively implementing one. The cloud computing growth rate is 5X more than the overall IT growth rate because of the clear and already proven cost savings, agility, and scalability benefits of cloud architectures.

When organizations decide to embark on their cloud journey, they notice there are several questions and challenges (more...)

WordPress 4.0.1 Released

I got a bunch of emails this morning telling me my blogs had upgraded to WordPress 4.0.1. It’s a critical security release, so if you’ve not done an auto-update, you really need to get this sorted.

The downloads and changelog are in the usual places.

Cheers

Tim…


WordPress 4.0.1 Released was first posted on November 20, 2014 at 11:32 pm.

Upcoming Webinar: Innovation in Managing the Chaos of Everyday Project Management

On Thursday, December 4th from 1 PM-2 PM CST, Fishbowl Solutions will hold a webinar in conjunction with Oracle about our new solution for enterprise project management. This solution transforms how project-based tools, like Oracle Primavera, and project assets, such as documents and diagrams, are accessed and shared.

With this solution:

  • Project teams will have access to the most accurate and up to date project assets based on their role within a specific project
  • Through (more...)