それにしても量が多いなぁ、、、MicrosoftはSQLServerのパッチを5年も出してなかったのに・・・

Product releases and versions that are in Premier Support or Extended Support, under the Oracle Lifetime Support policy:

• Oracle Database 11g, version 11.1.0.6 [ Database ]
• Oracle Database 10g Release 2, versions 10.2.0.2, 10.2.0.3, 10.2.0.4 [ Database ]
• Oracle Database 10g, version 10.1.0.5 [ Database ]
• Oracle Database 9i Release 2, versions 9.2.0.8, 9.2.0.8DV [ Database ]
• Oracle TimesTen In-Memory Database version 7.0.3.0.0 [ Database ]
• Oracle Application Server 10g Release 3 (10.1.3), versions 10.1.3.1.0, 10.1.3.3.0 [ Application Server ]
• Oracle Application Server 10g Release 2 (10.1.2), versions 10.1.2.2.0, 10.1.2.3.0 [ Application Server ]
• Oracle Application Server 10g (9.0.4), version 9.0.4.3 [ Application Server ]
• Oracle Hyperion BI Plus version 9.2.0.3, 9.2.1.0,and 9.3.1.0 [ Application Server ]
• Oracle Hyperion Performance Suite version 8.3.2.4, and 8.5.0.3 [ Application Server ]
• Oracle E-Business Suite Release 12, version 12.0.4 [ E-Business Suite ]
• Oracle E-Business Suite Release 11i, version 11.5.10.2 [ E-Business Suite ]
• Oracle Enterprise Manager Database Control 11i version 11.1.0.6 [ Enterprise Manager ]
• Oracle Enterprise Manager Database Control 10g Release 2, versions 10.2.0.2, 10.2.0.3, 10.2.0.4 [ Enterprise Manager ]
• Oracle Enterprise Manager Database Control 10g Release 1, version 10.1.0.5 [ Enterprise Manager ]
• Oracle Enterprise Manager Grid Control 10g Release 1, versions 10.1.0.5, 10.1.0.6 [ Enterprise Manager ]
• Oracle PeopleSoft Enterprise PeopleTools versions 8.48.17, 8.49.11 [ PeopleSoft/JDE ]
• Oracle PeopleSoft Enterprise CRM version 8.9, 9.0 [ PeopleSoft/JDE ]
• Oracle WebLogic Server (formerly BEA WebLogic Server) 10.0 released through MP1 [ BEA ]
• Oracle WebLogic Server (formerly BEA WebLogic Server) 9.0, 9.1, 9.2 released through MP3 [ BEA ]
• Oracle WebLogic Server (formerly BEA WebLogic Server) 8.1 released through SP6 [ BEA ]
• Oracle WebLogic Server (formerly BEA WebLogic Server) 7.0 released through SP7 [ BEA ]
• Oracle WebLogic Server (formerly BEA WebLogic Server) 6.1 released through SP7 [ BEA ]

http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2008.html

Date	Number	Title	Type	Threat	Severity	CVSS Rating	Products Affected
2008-07-15	CVE-2008-2582	Denial-of-Service vulnerability in WebLogic Server	advisory	-	-	5.0 (Medium)	WLS 10.0 (-MP1) WLS 9.2 (-MP3) WLS 9.1 WLS 9.0 WLS 8.1 (-SP6) WLS 7.0 (-SP7)
2008-07-15	CVE-2008-2581	Elevation of privilege vulnerabilities in the UDDI Explorer	advisory	-	-	5.1 (Low)	WLS 10.0 (-MP1) WLS 9.2 (-MP3) WLS 9.1 WLS 9.0 WLS 8.1 (-SP6) WLS 7.0 (-SP7)
2008-07-15	CVE-2008-2580	Information disclosure in JSP pages	advisory	-	-	2.6 (Low)	WLS 10.0 (-MP1) WLS 9.2 (-MP3) WLS 9.1 WLS 9.0
2008-07-15	CVE-2008-2579	Information disclosure vulnerability in WebLogic plug-ins for Apache, Sun and IIS Web servers	advisory	-	-	6.8 (Medium)	Plugins prior to July 15th 2008
2008-07-15	CVE-2008-2578	Information Disclosure vulnerability in the WebLogic console or server log	advisory	-	-	4.3 (Medium)	WLS 10.0 WLS 9.2 (-MP1)
2008-07-15	CVE-2008-2577	Elevation of privilege vulnerability in the Console/WLST	advisory	-	-	4.6 (Medium)	WLS 9.2 MP1
2008-07-15	CVE-2008-2576	Information Disclosure vulnerability in the ForeignJMS component	advisory	-	-	4.1 (Medium)	WLS 9.2 WLS 9.1 WLS 9.0 WLS 8.1 (-SP6)

https://support.bea.com/application_content/product_portlets/securityadvisories/index.html

関連記事

• US-CERT Current Activity
• BEA製品なども対象に：Oracleの四半期パッチ公開、45件の脆弱性に対処 - ITmedia エンタープライズ
• Oracle Products Multiple Vulnerabilities - Advisories - Secunia