Wednesday, January 17, 2007

California Fire News

California Fire News

  • Fire Nearly Ruins Alameda Home

    Posted: 17 Jan 2007 01:19 AM CST

    Oakland Tribune
    January 16, 2007


    California - The three-alarm fire drew roughly 40 firefighters from Alameda and Oakland to the 2000 block of Clinton Avenue. Hundreds of neighbors, many of them off work for Martin Luther King Day, lined up to watch from nearby streets and sidewalks.
    Alameda Fire Department Captain Daren Olson said one person sustained minor injuries and was taken to Alameda Hospital, just down the block on Clinton Avenue.

    Olson did not have information about the nature of the injuries and could not say for certain whether a man who apparently owns the home was the one who received medical attention.

    The cause of the fire remained unclear, Olson said.

    "I have no idea," he said. "That's still under investigation at this time."

    Witnesses reported seeing flames shoot up 10 to 15 feet above the roofline.

    "This thing was cooking," said Patrick Bennett, 27, of Alameda.

    Bennett said he and a friend were riding their bicycles nearby and followed one of the fire trucks to the scene.

    As they watched firefighters attack the flames, some in the crowd snapped pictures with their digital cameras or cell phones. One woman sipped a bottle of beer. Smoke was visible from miles away.

    Some people said they heard explosions after the fire started.

    Melissa Bass, a hospital staffer in the X-ray department, said she was eating her lunch inside her car parked near the home, when she saw a man flee.

    "I saw the guy running out of the house," Bass said. "By that time it was already in flames."

    She said that about 10 minutes after she saw the fire, she heard a "boom."

    "It wasn't that loud," she said. "It was just one big boom. ... You could probably hear it at the end of the block."

    Carol Gerdes, who lives next door, identified the owner of the home as Darrell Hall.

    She said she called 9-1-1 after seeing smoke and fire, then turned on her hose to help stop the flames from spreading.

    Hall was outside the house, she said. The Fire Department said the home was unoccupied by the time they arrived.

    "He was just not able to talk, period," Gerdes said of her neighbor, whom she's known for more than five years. "That's it."

    Fire crews had the flames mostly contained after about an hour.

    Officials did not have an estimate of how much damage was caused to the one-story home.

    Olson said a rear portion was almost destroyed. The roof was ripped apart, windows broken and a garage door was beaten down to put the fire out.

    "The interior is gutted," Olson said.

    He said some areas inside had not actually burned, but were largely damaged by smoke or debris.

    Written by Oakland Tribune
  • Man's Cell Phone Apparently Sets Him Ablaze

    Posted: 16 Jan 2007 03:04 PM CST

    Vallejo - A cell phone apparently ignited in a man's pocket and started a fire that burned his hotel room and caused severe burns over half his body, fire department officials said. Luis Picaso, 59, was in stable condition Monday with second- and third-degree burns to his upper body, back, right arm and right leg, Vallejo Fire Department assistant chief Kurt Henke said.

    Vallejo Fire Department spokesman Bill Tweedy said Monday that Saturday's incident involving a man who was seriously burned after his cell phone caught fire and ignited his clothing is not that unusual.

    "There have been a couple other cases in California in the past few years," Tweedy said. "It's no different than any other fires involving mechanical or electrical items," Tweedy said.

    A 16-year-old girl suffered second-degree burns when her cell phone in her back pocket caught fire, the Ontario, Calif., Fire Department reported in June 2004.

    An incident in May 2004 in New Paltz, N.Y., lent credibility to the suspicion that a cell phone could ignite a fire at a gas pump. A 21-year-old student was filling up at the pump when his phone rang. When he answered it a large flash occurred at the nozzle and started a fire.

    Thousands of counterfeit LG-branded cell phone batteries were recalled in June 2004 because they could overheat and pose a fire hazard, according to the Consumer Product Safety Commission.

    The 59-year-old resident of The Travelers Hotel on Georgia Street in Vallejo suffered second- and third-degree burns on half his body Saturday night when his cell phone caught fire and ignited his clothing and the plastic chair he was sitting in, the Vallejo Fire Department reported. A sprinkler confined the fire to the immediate area and firefighters found Luis Picaso on the floor of the bathroom.

    Tweedy said Monday Picaso is in stable condition at the UC Davis Medical Center.

    Written by Associated Press

US-CERT Technical Cyber Security Alert TA07-017A -- Oracle Releases Patches for Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

National Cyber Alert System

Technical Cyber Security Alert TA07-017A


Oracle Releases Patches for Multiple Vulnerabilities

Original release date: January 17, 2007
Last revised: --
Source: US-CERT


Systems Affected

* Oracle Database
* Oracle Application Server
* Oracle HTTP Server (Apache)
* Oracle Identity Management
* Oracle Enterprise Manager Grid Control
* Oracle E-Business Suite
* Oracle Collaboration Suite
* Oracle PeopleSoft Enterprise PeopleTools
* Oracle Life Sciences Applications (formerly Oracle Pharmaceutical
Applications)

For more detailed information regarding affected product versions,
refer to the Oracle Critical Patch Update - January 2007.


Overview

Oracle has released patches to address numerous vulnerabilities in
different Oracle products. The impacts of these vulnerabilities
include remote execution of arbitrary code, information disclosure,
and denial of service.


I. Description

Oracle has released the Critical Patch Update - January 2007.
According to Oracle, this Critical Patch Update (CPU) contains:

* 17 new security fixes for the Oracle Database, one of which is for
Oracle Database client-only installations

* 9 new security fixes for the Oracle HTTP Server

* 12 new security fixes for the Oracle Application Server

* 7 new security fixes for the Oracle E-Business Suite

* 6 new security fixes for the Oracle Enterprise Manager

* 3 new security fixes for the Oracle PeopleSoft Enterprise
PeopleTools

Many Oracle products include or share code with other vulnerable
Oracle products and components. Therefore, one vulnerability may
affect multiple Oracle products and components. For example, the
January 2007 CPU does not contain any fixes specifically for Oracle
Collaboration Suite. However, Oracle Collaboration Suite is affected
by vulnerabilities in Oracle Database and Oracle Application Server,
so sites running Oracle Collaboration suite should install fixes for
Oracle Database and Oracle Application Server. Refer to the January
2007 CPU for details regarding which vulnerabilities affect specific
Oracle products and components.

For a list of publicly known vulnerabilities addressed in the January
2007 CPU, refer to the Map of Public Vulnerability to Advisory/Alert.
The January 2007 CPU does not associate Vuln# identifiers (e.g., DB01)
with other available information, even in the Map of Public
Vulnerability to Advisory/Alert document. As more details about
vulnerabilities and remediation strategies become available, we will
update the individual vulnerability notes.


II. Impact

The impact of these vulnerabilities varies depending on the product,
component, and configuration of the system. Potential consequences
include remote execution of arbitrary code or commands, sensitive
information disclosure, and denial of service. Vulnerable components
may be available to unauthenticated, remote attackers. An attacker who
compromises an Oracle database may be able to gain access to sensitive
information or take complete control of the host system.


III. Solution

Apply patches from Oracle

Apply the appropriate patches or upgrade as specified in the Critical
Patch Update - January 2007. Note that this Critical Patch Update only
lists newly corrected vulnerabilities.

As noted in the update, some patches are cumulative, others are not:

The Oracle Database, Oracle Application Server, Oracle Enterprise
Manager Grid Control, Oracle Collaboration Suite, JD Edwards
EnterpriseOne, JD Edwards OneWorld Tools, PeopleSoft Enterprise
Portal Applications and PeopleSoft Enterprise PeopleTools patches
in the Updates are cumulative; each Critical Patch Update contains
the fixes from the previous Critical Patch Updates.

Oracle E-Business Suite and Applications patches are not
cumulative, so E-Business Suite and Applications customers should
refer to previous Critical Patch Updates to identify previous fixes
they want to apply.

Vulnerabilities described in the January 2007 CPU may affect Oracle
Database 10g Express Edition (XE). According to Oracle, Oracle
Database XE is based on the Oracle Database 10g Release 2 code.

Known issues with Oracle patches are documented in the
pre-installation notes and patch readme files. Please consult these
documents and test before making changes to production systems.


IV. References

* US-CERT Vulnerability Notes Related to Critical Patch Update -
January 2007 -
<http://www.kb.cert.org/vuls/byid?searchview&query=oracle_cpu_jan_2007>

* Critical Patch Update - January 2007 -
<http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html>

* Critical Patch Updates and Security Alerts -
<http://www.oracle.com/technology/deploy/security/alerts.htm>

* Map of Public Vulnerability to Advisory/Alert -
<http://www.oracle.com/technology/deploy/security/critical-patch-updates/public_vuln_to_advisory_mapping.html>

* Oracle Database Security Checklist (PDF) -
<http://www.oracle.com/technology/deploy/security/pdf/twp_security_checklist_db_database.pdf>

* Critical Patch Update Implementation Best Practices (PDF) -
<http://www.oracle.com/technology/deploy/security/pdf/cpu_whitepaper.pdf>

* Oracle Database 10g Express Edition -
<http://www.oracle.com/technology/products/database/xe/index.html>

* Details Oracle Critical Patch Update January 2007 -
<http://www.red-database-security.com/advisory/oracle_cpu_jan_2007.html>

____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA07-017A.html>
____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA07-017A Feedback VU#221788" in the
subject.
____________________________________________________________________

For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________

Produced 2007 by US-CERT, a government organization.

Terms of use:

<http://www.us-cert.gov/legal.html>


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBRa5DxexOF3G+ig+rAQK39QgAuBGVS0rMyXinEtvG678WejFIBm8PlhXz
CG1Bpo0AIJTWd6Ql3QAPsf+EQ1pJLlsF/Rp/DJBKspaqg7DJ7NrTfCzC8WUb6H19
vch93DVZo20qPFhRLsEWMaUV7cPuekTtwL1yuRjkXrKL+YB8/1kHw2Xpk2BbDn0r
Ix00n5RbXj1zSpau3OYfps5KaLmhppXKjR2KexTe+tV7yS61dTSYdcJsbKvUj/ev
nRrq+BsYHWi7aYsVXKC+XftlVrE7qTFbgPG7JVXEvyql6T3klVigZfjGQPgTT/6d
UdB7dxHIvnoWnIqSFgTKWlm6JpEK0m9yiNDxGat1NW3pOHaEd5x0GA==
=7oQu
-----END PGP SIGNATURE-----

CNN.com

News: Breaking News -- MercuryNews.com

AP Top U.S. News At 8:45 p.m.