Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Yet more info on the patches for the listener security bugs

Yet more info on the patches for the listener security bugs

From: A. Bardeen <abardeen1_at_yahoo.com>
Date: Tue, 03 Jul 2001 00:54:36 -0700
Message-ID: <F001.0033FA6E.20010703003020@fatcity.com> 






Hi All!



This affects only the homes for any running listeners.



PSE's (patchset exceptions)  1489683, 1656431 and
1814117 were withdrawn so that they could be combined
into a single PSE.



Listed below are the PSE place holder patch #'s for
each of the different supported releases.  Some PSE's
are not yet available (e.g. 8.1.7.0), but when
available they will be under the patch #'s listed
below.  The same patch # is used for all platforms on
that release.



Version Patch # 


8.1.7.1   1859604
8.1.7.0   1859628
8.1.6.3   1859654
8.1.6.2   1859778
8.1.6.1   1859788
8.1.6.0   1859791
8.0.6.3   TBA





To access the patches via MetaLink:



Patches


  Click on the flashing red link for new patches
  Enter one of the above patch #'s


  If you want to limit your search to a specific
platform then select it from the drop down list,
otherwise all platforms will be shown


  Click on submit


        Scroll down to find the appropriate patch for your OS



Due to the nature of Windows NT/Windows 2000, PSE's
are not available and require a full 5-digit patchset
release.  The 8.1.7.1.4 patchset will contain the
fixes  for PSE 1859604.



To access the 8.1.7.1.4 patchset, when it is
available, from MetaLink:



Patches


  Click on the flashing red link for new patches

        Product:        RDBMS Server
        Release:        8.1.7.1 (if you select a release that is not
currently available, no patches will be found)
        Platform:       MS Windows NT/2000 Ser






If you applied one of the earlier PSE's, you don't
have to deinstall it before applying one of the above
PSE's.



The following alerts document the various listener
bugs and their respective patches (same as the list
above):



Note: 151259.1 "ALERT: Buffer Overflow Vulnerability
in the Oracle8i Listener"



Note: 151260.1 "ALERT: Oracle SQL*Net and Net8
Malformed Packet Denial of Service Vulnerability"



Note: 151261.1 "Oracle Net8 Denial of Service
Vulnerabilities - Offset_to_data Value Too Large"



Note: 151290.1 "Net8 Denial of Service Vulnerabilities
- Requester_version Value Incorrect"



Note: 151291.1 "Net8 Denial of Service Vulnerabilities
- Maximum Transport Data Size Too Small"



Note: 151292.1 "Oracle Net8 Denial of Service
Vulnerabilities - Fragmentation Attack"




HTH,







Do You Yahoo!?


Get personalized email addresses from Yahoo! Mail
http://personal.mail.yahoo.com/


-- 



Please see the official ORACLE-L FAQ: http://www.orafaq.com


-- 



Author: A. Bardeen


  INET: abardeen1_at_yahoo.com


Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------


To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
Received on Tue Jul 03 2001 - 02:54:36 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US