-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

National Cyber Alert System

Technical Cyber Security Alert TA07-200A

Oracle Releases Patches for Multiple Vulnerabilities

Original release date: July 19, 2007
Last revised: --
Source: US-CERT

Systems Affected

* Oracle Database
* Oracle Application Server
* Oracle Collaboration Suite
* Oracle E-Business Suite and Applications
* Oracle PeopleSoft Enterprise and JD EnterpriseOne

For more detailed information regarding affected product versions,
refer to the Oracle Critical Patch Update - July 2007.

Overview

Oracle has released patches to address numerous vulnerabilities in
different Oracle products. The impacts of these vulnerabilities
include remote execution of arbitrary code, information disclosure,
and denial of service.

I. Description

Oracle has released the Critical Patch Update - July 2007. According
to Oracle, this Critical Patch Update (CPU) includes the following new
security fixes:
* 17 for the Oracle Databases
* 1 for Oracle Internet Directory
* 1 for Oracle Application Express
* 4 for the Oracle Application Server
* 1 for Oracle Collaboration Suite
* 14 for the Oracle E-Business Suite
* 3 for Oracle PeopleSoft Enterprise PeopleTools
* 2 for PeopleSoft Enterprise Customer Relationship Management
* 2 for PeopleSoft Enterprise Human Capital Management

Many Oracle products include or share code with other vulnerable
Oracle products and components. Therefore, one vulnerability may
affect multiple Oracle products and components. Refer to the July 2007
CPU for details regarding which vulnerabilities affect specific Oracle
products and components.

For a list of publicly known vulnerabilities addressed in the July
2007 CPU, refer to the Map of Public Vulnerability to Advisory/Alert.
The July 2007 CPU does not associate Vuln# identifiers (e.g., DB01)
with other available information, even in the Map of Public
Vulnerability to Advisory/Alert document. As more details about
vulnerabilities and remediation strategies become available, we will
update the individual vulnerability notes.

II. Impact

The impact of these vulnerabilities varies depending on the product,
component, and configuration of the system. Potential consequences
include remote execution of arbitrary code or commands, sensitive
information disclosure, and denial of service. Vulnerable components
may be available to unauthenticated, remote attackers. An attacker who
compromises an Oracle database may be able to gain access to sensitive
information or take complete control of the host system.

III. Solution

Apply patches from Oracle

Apply the appropriate patches or upgrade as specified in the Critical
Patch Update - July 2007. Note that this Critical Patch Update only
lists newly corrected vulnerabilities.

As noted in the update, some patches are cumulative, others are not.
Oracle E-Business Suite and Applications patches are not cumulative,
so E-Business Suite and Applications customers should refer to
previous Critical Patch Updates to identify previous fixes they want
to apply.

Vulnerabilities described in the July 2007 CPU may affect Oracle
Database 10g Express Edition (XE). According to Oracle, Oracle
Database XE is based on the Oracle Database 10g Release 2 code.

Known issues with Oracle patches are documented in the
pre-installation notes and patch readme files. Please consult these
documents and test before making changes to production systems.

IV. References

* US-CERT Vulnerability Notes Related to Critical Patch Update - July 2007 - <http://www.kb.cert.org/vuls/byid?searchview&query=oracle_cpu_jul_2007>

* Critical Patch Update - July 2007 - <http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2007.html>

* Critical Patch Updates and Security Alerts - <http://www.oracle.com/technology/deploy/security/alerts.htm>

* Map of Public Vulnerability to Advisory/Alert - <http://www.oracle.com/technology/deploy/security/critical-patch-updates/public_vuln_to_advisory_mapping.html>

* Oracle Database Security Checklist (PDF) - <http://www.oracle.com/technology/deploy/security/pdf/twp_security_checklist_db_database.pdf>

* Critical Patch Update Implementation Best Practices (PDF) - <http://www.oracle.com/technology/deploy/security/pdf/cpu_whitepaper.pdf>

* Oracle Database 10g Express Edition - <http://www.oracle.com/technology/products/database/xe/index.html>

* Details Oracle Critical Patch Update July 2007 - <http://www.red-database-security.com/advisory/oracle_cpu_jul_2007.html>

_________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA07-200A.html>
_________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA07-200A Feedback VU#322460" in the
subject.
_________________________________________________________________

For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________

Produced 2007 by US-CERT, a government organization.

<http://www.us-cert.gov/legal.html>
_________________________________________________________________

Revision History

July 19, 2007: Initial release

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBRp/JpfRFkHkM87XOAQL+aAf+LT57XEEdJFo0/rEvLauhqOviaJlUvPez
5pPCcB8GA9BlzNlF4acoIR8QxMqtGg2MVG/uSk6XPTK2CVKDKcBPmsp6iQxMbPCF
Xz7iCuET++IcyUbIi7pMXaJIl6qCZKb8irhH11Z6IwAWjPkrsVv82wz4yCP+APEe
+ANt4e/byziJ7AySg6WR/Rzpi+nedjLicpjfUilkQhRiXs6k9x5dUON4pPNU7DUV
PeTZ3zccEVBvcr/t6YCzZ+yIzLZiAzVghH7SNbgDYv+NRboCjNOu95MniA8Oz2ED
xNOf/wbFj7LMUsmza7u8kTaywUHOyR7LQ9mANsuHJb3n4Ug9/SAVdQ==
=FFpC
-----END PGP SIGNATURE-----

California Fire News

EDIS- Wind advisory remains in effect until 9 pm pdt this evening

Posted: 18 Jul 2007 02:29 PM CDT

EASTERN SIERRA SLOPES-OWENS VALLEY-WHITE MOUNTAINS OF INYO COUNTY-DEATH VALLEY NATIONAL PARK-

A WIND ADVISORY REMAINS IN EFFECT UNTIL 9 PM PDT THIS EVENING. A TIGHT PRESSURE GRADIENT BETWEEN A STRONG AREA OF LOW PRESSURE IN THE EASTERN PACIFIC AND HIGH PRESSURE NEAR THE FOUR CORNERS AREA IS EXPECTED TO PRODUCE WINDY CONDITIONS TODAY AND THIS EVENING. SOUTHERLY WINDS BETWEEN 20 AND 30 MPH WITH GUSTS UP TO 45 MPH ARE POSSIBLE. MOTORISTS SHOULD USE EXTRA CAUTION AS THE HIGHER WINDS MAY MAKE DRIVING CONDITIONS DIFFICULT AND MAY ALSO PRODUCE AREAS OF BLOWING DUST OR SAND.

Area: EASTERN SIERRA SLOPES-OWENS VALLEY-WHITE MOUNTAINS OF INYO COUNTY-DEATH VALLEY NATIONAL PARK-ESMERALDA AND CENTRAL NYE COUNTY-LINCOLN COUNTY-INCLUDING THE CITIES OF... ASPENDELL... MT WHITNEY... BISHOP... INDEPENDENCE... LONE PINE... FURNACE CREEK... STOVEPIPE WELLS... SHOSHONE... TECOPA... BEATTY... GOLDFIELD... SILVER PEAK... DYER... CALIENTE... PIOCHE... PANACA... HIKO... ALAMO... RACHEL

Affected Counties or parts of: Inyo, San Bernardino,

Sent: 2007-07-18T11:5"

Special Report - EXCELLENT PHOTO ESSAY INYO FIRE

Posted: 18 Jul 2007 02:15 PM CDT

Special Report - link to this very special report

HOLDING ON TO INDEPENDENCE

How the fast-moving Inyo Complex Wildland Fire almost torched the town of Independence,

threatened the historic Mt. Whitney Fish Hatchery and nearly killed nine firefighters.

Photo: Dave Mull

"3:52 pm At the height of despair, knowing they were about to lose the hatchery and fearful that their men were trapped, perhaps lost at the Ashworth Ranch, the remaining fire fighters began to pull back. Suddenly an old Lockheed P2V Neptune, the largest of the twin-engine "Borate Bombers", skirted a fire tornado to the south of Oak Creek and dropped 2700 gallons of ammonium fire suppressant along the back of the hatchery, saving it and quelling the flames around the trapped crews."
link to read all of this very special report

NEWS - Fires continue to spread in Siskiyou County

Posted: 18 Jul 2007 02:05 PM CDT

Fires continue to spread in Siskiyou County : Today's Picks :

Fires continue to spread in Siskiyou County

By Lauren Brooks (Contact)
Wednesday, July 18, 2007

HAPPY CAMP -- Two groups of lightning-sparked fires continued spreading through western Siskiyou County on Tuesday with little hope of containment any time within the next 12 days.

Firefighters are working to keep the fires on the Klamath National Forest away from homes in Happy Camp and Hamburg.

The Elk Complex grew from 4,725 acres Monday to 6,905 acres Tuesday, but firefighters managed to keep the complex 15 percent contained, U.S. Forest spokeswoman Phyllis Swanson said.

Swanson said 506 homes in rural western Siskiyou County are being threatened by the Elk Complex. A voluntary evacuation remains in effect on Elk Creek Road.

The Elk Complex is made up of six large fires and about two dozen small fires. Suppression costs so far have totaled $3 million with 1,179 firefighters staffing the fires, Swanson said.

On Tuesday morning, all fire restrictions were lifted on highways 263 and 96 as firefighters tried to contain the China and Back fires near the town of Hamburg, sheriff's spokeswoman Susan Gravenkamp said.

On Monday, the fires forced the closure of Highway 96 from Highway 263 west to Scott River Road.

The complex increased by more than 300 acres to 2,828 Tuesday, Swanson said.

She said the China-Back Complex was 85 percent contained Tuesday with 691 personnel staffing it.

Fire officials expect it to be fully contained by Saturday.

Inciweb Fact sheet for ZACA Incident - Acres: 28,000 Acres - No Control Estimate

Posted: 18 Jul 2007 01:40 PM CDT

Dry vegetation burns aggresively during a burning operation on 07/14/07.
Credit: Mike Ferris - USFS

ZACA Fire

Incident: Zaca
Released: 2 hrs. ago

Acres: 28,000 Acres Percent Containment: 35 percent Estimated Control: No Estimate

Resources: Hand Crews: 51; Dozers: 34; Engines: 66; Air Tankers: 6; Helicopters: 17; Water Tenders: 25; Overhead Personnel: 305; Total Personnel: 1,756; Injuries: 6; Structures Threatened: 50; Estimated Cost-to-Date: $21,100,000

Evacuations: At 8:00 pm last night the Santa Barbara County Sheriff's office, in conjunction with the Incident Management Team, updated the following order and warning which are still in effect:

Evacuation Order

The Evacuation Order issued by the Santa Barbara Sheriff's Department remains in effect for the residents of Peachtree Canyon and areas within the Los Padres National Forest boundary. The Zaca Fire is at McKinley Ridge and continues to be a threat to life and property within the evacuation order area. Residents who live in or around the identified communities are advised to immediately evacuate. The Red Cross shelter at Santa Ynez High School was closed last night. The American Red Cross will provide emergency housing for those affected by the evacuation order by calling 1 (800) 951-5600. If residents are unable to evacuate and need assistance, call 911.

Evacuation Warning

An Evacuation Warning remains in effect for the following areas: Residents East of Figueroa Road, North of Roblar, East of Mora, North of Baseline Avenue, and West of the Los Padres National Forest boundary. The communities of Tunnel Ranch, Rancho De Los Vistadores, and the Sedgwick Ranch are now included in the warning area. The Zaca Fire is a potential threat to life and property. Residents living in these identified areas should prepare for evacuation. An Evacuation Order may be issued as a result of the fires threat.

Current Closures: Santa Barbara County Fire Officials have ordered the following road closures:

Happy Canyon Road closed to the east at Baseline Road.
Figueroa Mountain road closed to the east at Highway 154

Los Padres National Forest Officials have ordered the following forest closures:

The expanded forest closure is still in effect. The expanded closure encompasses the entire San Rafael Wilderness and adjacent National Forest land roughly from Highway 166 on the north to the Buckhorn Road area on the south. The 382,000 acre area will be closed until further notice. This closure will limit access to the San Rafael Wilderness in order to insure the safety of citizens and fire personnel.

Significant Events: The evacuation order issued on July 17, 2007 at 8:00pm was revised to include only the areas of Peachtree Canyon and the affected areas of the Los Padres National Forest.

Current Situation: The fire is still burning in an easterly direction in the San Rafael Wilderness. The widening fire front on the east and southeast portions of the fire will set a stage for another active burning day. No significant activity on the northern flank is expected as the Hurricane Deck continues to hold. A predicted wind shift to east/ northeast winds is predicted to occur tonight with an increasing threat to the southern portion of the fire and the adjacent communities. Work in the wilderness continues to be a challenge due to the steep and rugged terrain. All efforts are being made to protect natural and cultural resources. Bulldozers will continue to construct contingency lines outside the wilderness boundary. Public and firefighter safety remains the top priority.

Safety Message: Residents should use caution when evacuating. Travelers using SR-154, please be cautious of firefighting equipment and personnel. Fire Information fact sheets and display boards are placed throughout the Santa Ynez and Santa Maria Valley's to keep the communities updated on the fire status.

Media Message: Due to the expanded forest closure, media must be escorted by a PIO. Information Officers will be available to provide an escort to an operations approved location. Media will need to check in at the Incident Command Post at Live Oak Camp for an escorted media tour at 11:00 am.

Additional Information: The fire has potential for increased growth and extended duration of wildfire suppression activities. Depending on wind conditions, smoke from the Zaca Fire may be visible over a wide area with occasional drift smoke as far away as Santa Barbara, Goleta or other areas of the county. If you need more information please contact the Zaca Fire Information Line at 805-961-5770 or go to www.fire.ca.gov, www.inciweb.org, or www.sbcfire.com

Inciweb Update: ZACA Fire - ZACA Incident - 28,000 acres - 35%

Posted: 18 Jul 2007 01:14 PM CDT

Inciweb:Zaca Incident - Zaca Fire Evacuations Modified

ZACA Incident July 18 Information Map

Zaca Wildland Fire

INCIDENT UPDATED 11:00 hrs.

ANNOUNCEMENT - Zaca Fire Evacuations Modified

Incident: Zaca
Released: 16 hrs. ago

**For Immediate Release**

Zaca Fire Evacuations Modified

The Santa Barbara County Sheriff's Department, in conjunction with the Joint Unified Incident Management Team, has modified the Zaca Fire evacuation order issued on July 16.

The area within the Los Padres National Forest boundary and the Peachtree community remain under a full "Evacuation Order."

All other areas that were within the previous Evacuation Order and Warning will remain under an "Evacuation Warning" and the public should be prepared to evacuate should fire conditions change.

The American Red Cross shelter at Santa Ynez High School will close at 8:00 p.m.

The Red Cross requests that if you live in the Evacuation Order area and have a need for emergency housing as a result of the Zaca Fire evacuation to call the Red Cross at 1-800-951-5600.

If you are unable to evacuate and need assistance call 911.

Firefighter using a drip torch to introduce fire to standing vegetation,
during a firing operation on 07/14/07.
Credit: Mike Ferris - USFS

view pictures || view maps

Summary

Acres: 28,000 Acres Percent Containment: 35 percent Estimated Control: No Estimate

Evacuations: At 8:00 pm last night the Santa Barbara County Sheriff's office, in conjunction with the Incident Management Team, updated the following order and warning which are still in effect:

Evacuation Order

Evacuation Warning

Current Closures: Santa Barbara County Fire Officials have ordered the following road closures:

Happy Canyon Road closed to the east at Baseline Road.
Figueroa Mountain road closed to the east at Highway 154

Los Padres National Forest Officials have ordered the following forest closures:

The expanded forest closure is still in effect. The expanded closure encompasses the entire San Rafael Wilderness and adjacent National Forest land roughly from Highway 166 on the north to the Buckhorn Road area on the south. The 382,000 acre area will be closed until further notice. This closure will limit access to the San Rafael Wilderness in order to insure the safety of citizens and fire personnel.

Significant Events: The evacuation order issued on July 17, 2007 at 8:00pm was revised to include only the areas of Peachtree Canyon and the affected areas of the Los Padres National Forest.

Significant Events

Current Situation:

Safety Message: Residents should use caution when evacuating. Travelers using SR-154, please be cautious of firefighting equipment and personnel. Fire Information fact sheets and display boards have been placedthroughout the Santa Ynez and Santa Maria Valley to keep those communities updated on the fire's status.

Media Message: Due to the expanded forest closure, media must be escorted by a Public Information Officer.Information Officers will be available to provide an escort to an operations approved location. Credentialed media will need to check in at the Incident Command Post at Live Oak Camp (SR-154) for an escorted tour.

Additional Information: The fire has potential for increased growth and extended duration of wildfire suppression activities. Depending on wind conditions, smoke from the Zaca Fire may be visible over a wide area with occasional drift smoke as far away as Santa Barbara, Goleta or other areas of the county. If you would likemore information, please contact the Zaca Fire Information Line at 805-961-5770 or go to http://www.fire.ca.gov/, http://www.inciweb.org/, or http://www.sbcfire.com/

###

Basic Information

Incident Type	Wildland Fire
Cause	Human Caused
Date of Origin	07/04/2007 at 1053 hrs.
Location	15 miles north east of Buellton, CA.
Incident Commander	Aaron Gelobter

Current Situation

Total Personnel	1,756
Size	28,000 acres
Percent Contained	35%
Fuels Involved	Chaparral and Oak Woodlands. North Flank of the fire is burning in heavy, 40 year old fuels with high dead to live ratio. Fuel moisture levels are extremely low, and are at levels which are usually not seen until late in the summer.
Fire Behavior	The fire remained active yesterday and throughout the evening, making runs to the south and east.
Significant Events	Plans are now being developed to develop and implement contingency activity in preparation for the fire crossing the Sisquoc River to the east.

Outlook

Planned Actions	Continue direct and indirect tactics with contingency actions to provide additional protection to communities.
Projected Movement	Conditions are similar to yesterday which resulted in a 3,000 acre increase in size in late afternoon.
Growth Potential	High.
Terrain Difficulty	Extreme.
Containment Target	Suppression tactics continue to be successful in maintaining north and west flanks. Poor access, rugged terrain, and extremely low fuel moisture continue to be problems in achieving containment in the wilderness.
Remarks	A successful public meeting was held in Solvang with the Santa Barbara Unified Command. There were between 200-300 public attendees.

Weather

Current Wind Conditions	11-18 mph NE
Current Temperature	56 degrees

InciWeb: China-back Complex Wildland Fire - 2,906 acres - 85%

Posted: 18 Jul 2007 12:59 PM CDT