SUSE Security Update: Security update for oracle-update ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0765-1 Rating: important References: #736238 #757705 #760074 #760660 #763895 #764049 Cross-References: CVE-2012-1675 Affected Products: SUSE Manager 1.2 for SLE 11 SP1 ______________________________________________________________________________ An update that solves one vulnerability and has 5 fixes is now available. Description: This package wraps the Oracle Server update process for the Oracle server included in SUSE Manager. On installation of this package it will pull and install the Oracle updates and patches, integrated so that SUSE Manager is correctly stopped, the databases converted and restarted. It contains a security helper script that may adjust the Oracle server listening on all network interfaces to just listen on localhost (CVE-2012-1675). To switch to a configuration that will restrict the listener to localhost only run the following command as root: spacewalk-service stop /opt/apps/db-update/smdba-netswitch localhost spacewalk-service start In case you want to revert to the previous configuration, just run: spacewalk-service stop /opt/apps/db-update/smdba-netswitch worldwide spacewalk-service start Security Issue references: * CVE-2012-1675 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1675
Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager 1.2 for SLE 11 SP1: zypper in -t patch sleman12sp1-oracle-update-6368 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager 1.2 for SLE 11 SP1 (x86_64): oracle-update-0.1-0.5.8.1 References: http://support.novell.com/security/cve/CVE-2012-1675.html https://bugzilla.novell.com/736238 https://bugzilla.novell.com/757705 https://bugzilla.novell.com/760074 https://bugzilla.novell.com/760660 https://bugzilla.novell.com/763895 https://bugzilla.novell.com/764049 http://download.novell.com/patch/finder/?keywords=a0b8b5031c3d0c502432381a52... -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org