Guest

Cisco E-Mail Manager Option

Field Notice: FN - 62414 - Notice for Oracle Security Updates - October 2005, January 2006 and April 2006


May 11, 2006

NOTICE:

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.


Products Affected

Products Affected

Cisco Collaboration Server - 5.0, with the most up to date Service Release

Cisco eMail Manager - 5.0, with the most up to date Service Release

Problem Description

On October 18, 2005, January 17, 2006 and April 18, 2006, Oracle released the following security updates respectively:

Critical Patch Update October 2005 (Metalink ID 333953.1)

Critical Patch Update January 2006 (Metalink ID 343382.1)

Critical Patch Update April 2006 (Metalink ID 360044.1)

Affected Supported Software:

- Oracle9i Database Server Release 2, versions 9.2.0.6

The following links contains information on fixes, updates, and workarounds.

Oracle Critical Patch Update October 2005

Oracle Critical Patch Update - October 2005 or

MetaLink Note 333953.1

Oracle Critical Patch Update January 2006

Oracle Critical Patch Update - January 2006 or

MetaLink Note 343382.1

Oracle Critical Patch Update April 2006

Oracle Critical Patch Update - April 2006 or

MetaLink Note 360044.1

Database Server Patches Needed:

Oracle 9i

Windows 32-bit: 4579093, 4751261.

Background

Cisco evaluates third party security notices and updates for potential impact to Cisco Contact Center products.

The qualification process results in one of four categorical ratings being applied to a given update: Impacting, Not Impacting, Deferred, or Not Applicable.

The four ratings are defined in the Cisco Customer Contact Software Policy for use of Third-Party Software and Security Updates document.

For the security updates listed in Problem Description section of this bulletin, Cisco has assigned the updates to the following categories:

Impacting

CPUOCT2005, CPUJAN2006, CPUAPR2006

Refer to the Oracle Database Server Risk Matrix for Critical Patch Update : July 2005, which may be found at MetaLink Note 333953.1, MetaLink Note 343382.1 and MetaLink Note 360044.1, for more details on the extent of the vulnerabilities this critical update addresses.

Customers should follow Oracle's guidelines regarding when and how they should apply this update.

Refer to the Oracle Critical Patch Updates and Security Alerts website for full details of the potential exposure from this update.

Product

Patch

Version(s)

Tested (Y/I*)

Components Tested (All or Specific)

CEM & CCS

CPUAPR2006

5.0

I

All

CEM & CCS

CPUJAN2006

5.0

Y

All

CEM & CCS

CPUOCT2005

5.0

Y

All

* Testing Disposition

I - In Progress (indicating that testing is in progress and will be updated when complete)

Y - Yes (tested)

NA - Not Applicable (none of the security updates are being tested because of a 'Not Applicable' or 'Deferred' assessment)

Problem Symptoms

It is important to point out that Cisco Contact Center Support has not had any cases pertaining to this vulnerability recorded from our customer base as of May 4, 2006.

Workaround/Solution

Cisco has assessed, and where deemed appropriate, validated the Oracle security patches addressed in this bulletin. Deferred security updates will be folded in to regression testing of the listed products' next service release or major release whichever comes first.

Cisco recommends that Contact Center customers separately assess all security patches released by Oracle and install those deemed appropriate for their environments.

Cisco will continue to provide a service of separately assessing and where necessary, validating higher severity security patches that may be relevant to the Contact Center Enterprise software products.

Visit Oracle's MetaLink website to acquire the fixes. Keep in mind that you should download the appropriate fixes based on the version of the operating system deployed in your environment and revision level.

Revision History

Revision

Date

Comment

1.0

11-MAY-2006

Initial Public Release

NetPro Discussion Forums - Featured Conversations

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

Product Alert Tool - Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.