Re: Question on Oracle Security Alert for CVE-2012-1675

From: Ilmar Kerm <ilmar.kerm_at_gmail.com>
Date: Thu, 3 May 2012 12:55:02 +0200
Message-ID: <CAKnHwtdJBK_KpLoroE9nct9+ntHiyv-Vq_s00URPBW3g+TsQRQ_at_mail.gmail.com>



On Wed, May 2, 2012 at 5:42 PM, Radoulov, Dimitre <cichomitiko_at_gmail.com> wrote:
> Hi,
> if I am reading Note 1340831.1 correctly, in order to secure the communication
> between pmon and the scan listeners, we'll need to use SSL.
>
> There is a note about _licensing changes_:
>
> --------------------------------------------------------------
>
> Please refer to the Oracle licensing documentation available on
> Oracle.com regarding licensing changes that allow Oracle Advanced
> Security SSL/TLS to be used with Oracle SE Oracle Real Application
> Clusters and Oracle Enterprise Edition Real Application Customers
> (Oracle RAC) and Oracle RAC OneNode Options.
>
> --------------------------------------------------------------
>
> I am trying to understand if we need to buy the Advanced Security
> option in order to fix the issue (I hope we don't ...).
>
> Can anybody throw some light on this?

Although this note mentions Standard Edition RAC (11.2.0.3.2), has anyone tried to apply this note on SE?
When I try to modify remote_listener on the database, I get

ORA-02097: parameter cannot be modified because specified value is invalid
ORA-00119: invalid specification for system parameter REMOTE_LISTENER
ORA-00130: invalid listener address

'(ADDRESS=(PROTOCOL=TCPS)(HOST=10.69.132.41)(PORT=1523))' ORA-00130: invalid listener address
'(ADDRESS=(PROTOCOL=TCPS)(HOST=10.69.132.42)(PORT=1523))' ORA-00130: invalid listener address
'(ADDRESS=(PROTOCOL=TCPS)(HOST=10.69.132.43)(PORT=1523))' Works on Enterprise Edition... I guess I have to open SR.
-- 
Ilmar Kerm
--
http://www.freelists.org/webpage/oracle-l
Received on Thu May 03 2012 - 05:55:02 CDT

Original text of this message