Google Releases Android Master Key Security Patch

Similar Messages

• Is XE affected by security patches released April 24,2006?

  An April 24, 2006 article in Inforworld on Oracle patches for security issues (at bottom), an earlier thread (Feb 2, 2006 XE patches ) indicates there will be no patches for XE, only new versions. Can we be expecting a new version shortly if XE contains the same security issues as the commercial versions?
  Oracle plugs 36 security holes in quarterly patch Robert McMillan
  Mon Apr 24, 6:00 AM ET
  Oracle released a bevy of security patches for its software on Tuesday in its quarterly Critical Patch Update. The company plugged 36 security vulnerabilities in a range of products, including 14 fixes for the Oracle database, several of which could be exploited easily, according to Oracle. (article continues...)

  Well, this whole security business is quite tricky . Oracle stated previously that (for XE) they will not keep up with the quaterly patch updates for the regular editions.
  Thus there will be security holes for quite a while longer than for the other editions. If they tell us in the forum, the hackers will know, too.
  If they don't tell us, we will have no chance to protect ourself.
  I guess Oracle could come up with an official statement regarding the security policies for Oracle XE, how they intend to deal with them and what will be communicated.
  Thanks,
  ~Dietmar.

• Repost/Is XE affected by the security patches from April 24,2006?

  An April 24, 2006 article in Inforworld on Oracle patches for security issues (at bottom), an earlier thread (Feb 2, 2006 XE patches ) indicates there will be no patches for XE, only new versions. Can we be expecting a new version shortly if XE contains the same security issues as the commercial versions?
  Can someone from Oracle address this for me?
  Oracle plugs 36 security holes in quarterly patch Robert McMillan
  Mon Apr 24, 6:00 AM ET
  Oracle released a bevy of security patches for its software on Tuesday in its quarterly Critical Patch Update. The company plugged 36 security vulnerabilities in a range of products, including 14 fixes for the Oracle database, several of which could be exploited easily, according to Oracle. (article continues...)

  I am going through the patching process for my non-XE environments now. I have downloaded the patches and related documentation and there is no mention of the XE product that I could find in either the April or the January Critical Patch Updates (CPU). It is as if XE does not exist. (No revenue, no patches, no problems).
  It would be nice if in next CPU cycle, Oracle would at least state what their plans are in handling security problems in XE.

• ORA-28374: typed master key not found in wallet (no ORACLE.SECURITY.TS.ENCR

  Good afternoon! I have a problem with creating a wallet for TDE.
  Oracle Version 11.2.0.2.0.
  SQLNET.ORA is :
  NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
  ADR_BASE = /app/oracle
  # TO SWITCH OFF ORACLE ADR FEATURE
  # DIAG_ADR_ENABLED=off
  DIAG_SIGHANDLER_ENABLED=FALSE
  DIAG_RESTRICTED=TRUE
  TRACE_LEVEL_SERVER=admin
  TRACE_LEVEL_CLIENT=admin
  TRACE_DIRECTORY_SERVER=/app/oracle/product/11.2.0/db_1/network/log
  TRACE_DIRECTORY_CLIENT=/app/oracle/product/11.2.0/db_1/network/log
  TRACE_FILE_CLIENT=cli
  TRACE_FILE_SERVER=srv
  TRACE_UNIQUE_CLIENT=off
  SQLNET.EXPIRE_TIME = 10
  SQLNET.INBOUND_CONNECT_TIMEOUT = 20
  SQLNET.ENCRYPTION_SERVER = REQUESTED
  SQLNET.ENCRYPTION_CLIENT = REQUESTED
  SQLNET.CRYPTO_SEED = 'KakdlkLAKMXM0000sdsdsadadeffdmsdmdkmdv'
  SQLNET.ENCRYPTION_TYPES_SERVER= (AES256,RC4_256,3DES112,DES)
  SQLNET.CRYPTO_CHECKSUM_SERVER = REQUESTED
  SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = (SHA1,MD5)
  ENCRYPTION_WALLET_LOCATION =
  (SOURCE=
  (METHOD=file)
  (METHOD_DATA=
  (DIRECTORY=/app/oracle/admin/orcl/wallet)
  I've creted wallet by command :
  alter system set encryption key identified by "sdsdsdsds";
  After that i can close and reopen this wallet , it's ok. But i can't create crypted tablaspace :
  CREATE TABLESPACE RMD DATAFILE '/oradata/orcl/TDE.dbf' SIZE 600M
  AUTOEXTEND ON NEXT 100M MAXSIZE 2000M
  EXTENT MANAGEMENT LOCAL UNIFORM SIZE 64K ENCRYPTION USING 'AES256' DEFAULT STORAGE (ENCRYPT);
  i've got an error ORA-28374: typed master key not found in wallet
  My wallet looks like :
  Requested Certificates:
  Subject: CN=oracle
  User Certificates:
  Oracle Secret Store entries:
  ORACLE.SECURITY.DB.ENCRYPTION.ASSSDSeFDX08Evy6Mco2yhXsAsdsdsdsdsdefdfdfdfddfddfdfdfAAAA
  ORACLE.SECURITY.DB.ENCRYPTION.MASTERKEY
  Trusted Certificates:
  As i uderstood there should be also entry like ORACLE.SECURITY.TS.ENCRYPTION. But why this didn't created into wallet by command : alter system set encryption key identified by "sdsdsdsds" ?
  Thanks!
  Edited by: user5819915 on 13-Jan-2012 03:25

  Hi there,
  first, "SQLNET.CRYPTO_SEED = 'KakdlkLAKMXM0000sdsdsadadeffdmsdmdkmdv" is no longer needed, the DB creates a seed itself and ignores this string.
  Then, on to TDE ...: These things happen if you had a wallet before, and that wallet was deleted; now if you create a new wallet, the TS MK is missing. Looks like you didn't encrypt any data yet. You might see if you get https://updates.oracle.com/download/8682102.html for your DB version; apply the patch, decrypt all data, cycle through all log files and then create a new wallet. That might work, but I can't promise.
  Peter

• In deadlock after every release of security patch

  After a security patch release is available the user has to visit the download page which
  can "speak" only Flash using the vulnerable installation of Flash Player.
  That means the user must expose own system to attacks in order to download the patched version.
  What bad concept. Where is the Adobe specialist responcible for the concept?
  Please do not claim one can trust the Adobe server and download page.
  Nowadays, there is no one server nor url trustful.
  Certificate issuers are not trustfull - see accidents from few last months.
  So, the more the servers nor internet sides can be trustfull.
  And the link to offline installer does not work due to disabled flash player
  or for any other reason. See http://kb2.adobe.com/de/cps/191/tn_19166.html
  and the url placed there
  Flash Player 10 Plugin (Alle anderen Windows-Browser, wie etwa Firefox oder Google Chrome)
  User does not decide to enable vulnerable flash installation and is not able to update
  to the patched one. It is a dead-lock.

  Under Adobe Forums: Forum: Flash Player ?
  It is defenitely too deep in Adobe's world.
  Official download page is not a forum page.
  Most of normal and PC non-freaks willl look there for downloads/updates.
  Link to full installer should be placed on official download page.
  Additionally, this page should not use Flash Player.
  Just to avoid a dead-lock when an update includes security patches.
  Additionally, as JackMcNac states it above the links to off-line
  installers and to be find somewhere in the Flash Online Support
  do not always work - it can't be.

• MSSQL 2008R2 SP3 will it include all security updates and cumulative patched released before this patch ? Example this security patch KB2977319, KB2977320 ?

  If I install MSSQL 2008R2 SP3 will that cover all the security patched released before this patch ?
  I also want to specifically know about this two Vulnerabilities in SQL Server Could Allow Elevation of Privilege
  KB2977319, KB2977320
  Please see more information about this in below blog: https://technet.microsoft.com/en-us/library/security/ms14-044.aspx
  Regards, Srini

  To read about the details of the fixes included in the service pack3 please refer this page
  http://support.microsoft.com/kb/2730301
  or this link
  http://support.microsoft.com/kb/2979597
  List of fixes included in SQL Server 2008 R2 SP3
  Microsoft SQL Server 2008 R2 service packs are cumulative updates and SQL Server 2008 R2 SP3 upgrades
  all editions and service levels of SQL Server 2008 R2 to SQL Server 2008 R2 SP3. 
  Satheesh
  My Blog |
  How to ask questions in technical forum

• July 2006 critical security patches released for corporate accounts

  Hello,
  Oracle had made a policy statement for 10gXE that it would not be releasing security patches for 10gXE. Today Oracle released the July 2006 critical security patches. See this page on Oracle website. These patches are only available to customers with a Metalink account.
  Will there be corresponding new release of 10gXE to address the coverage in these updates?
  Thank you.
  Albert

  According previos release of patches for 10g and analogue on XE - NO!

• After updating with the recent security patch I now have constant spinning colour wheel almost every key stroke is responded to by the wheel. Can this be fixed?

  Since installing the recent security patch I am getting the spinning colour wheel on almost every keystroke in Finder and in Gmail. Any way to speed up - or is this the result of the new security measures?

  It would help to give us more information. Etresoft: EtreCheck is a free app developed by one of the contributors to this forum which will generate a system report on your computer. If you can paste the report here we can take a look and see what might be the problem.

• DROIDX MASTER KEY VULNERABILITY

  Curious when Verizon is intending on releasing an OS patch to the Android v2.3.4 version running on the DROIDX devices, for the multiple "Master Key" vunerabilities that have been announced?
  I have been using this phone for a litle over four years now and love it in spite of the fact Verizon and Motorola decided that an Android v4.x upgrade would not be released for this hardware. It works great and have no desire to replace it, but serious OS vulnerabilities are something that does require patching by Verizon, especially when the vulnerability in question, could allow your phone to be taken over and expensive calls to be placed without your knowledge, just to line someone elses pockets, or become part of a mobile BOT net. Let's go Verizon... Android Developers have already released update OS patches and sent them to the various OEM anufacturers and resellers, so you should have had this patch pushed out to us long before I asked about it here.
  For those that wish to determine of your phone is also vulnerable to this OS Flaw, open Google Play, and install the BlueBox Security Scanner, released for just this purpose.,.

  That's good to hear, but that won't fix the issue for other market places that people use like Amazon. By patching the device itself, it's the only way to be sure the issue has ben taken care of, since that's where the Android Developers said the core issue resides.

• XE and Security Patches

  We have a group of SOA Suite developers uisng Oracle XE 10 locally on laptops. We are getting advised by IT security that securiy patches are needed.
  We are looking at following options - Apply security patches to XE 10 , upgrade to XE 11 or move to Oracle Standard DB.
  A couple of questions:
  1. Are security patches available for XE 10? If so, where do you get the patches?
  2. Would moving to XE 11 include security patches?
  Appreciate any input.
  Thanks

  1) No, XE cannot be patched.
  2) For 11g, same answer, there are no security patch sets available for any XE.
  11g might have security patches up to the time it was released but there have been several patches released since. If the security patches are needed a different edition is required.

• HT6147 is there going to be a Security patch for 1st Generation iPads?

  Is theis there going to be a Security patch for 1st Generation iPads? one has been released for all of the other devices.

  Probably not for the recent problem because the code error didn't show up until iOS 6. Since the original iPad cannot run iOS any later than 5.1.1 there is no need for an update in this instance.

• Latest Security Patch for Oracle DB 10.2.0.4 on 11.5.10.2 environment

  We have SUNOS 5.10 with database 10.2.0.4 on 11.5.10.2 environment. The requirement is to patch latest security patch.
  last patch was done 17-FEB-2009 ( retrived from registry$history). So, i would like to apply the latest security patch.
  Please somebody let me know which one is the latest patch to be applied for this environment.
  Thanks
  Dheeru

  Hi Hussein,
  The customer can install CPU Patch or PSU Patch on top of 10.2.0.4. I agree with you but I think you are misunderstanding for what I am trying to say. Why not go for the latest Patch Set 4 (10.2.0.5) and then apply CPU Patch 9952270 or PSU Patch 9952230 on top of it (recommended). Every quarter, Oracle provides Critical Patch Updates (CPU) to address security vulnerabilities, and Patch Set Updates (PSU) to address proactive, critical fixes and security vulnerabilities. When deciding for CPU or PSU, please consider the following guidelines:
  Critical Patch Updates and Patch Set Updates
  The Patch Set Updates and Critical Patch Updates that are released each quarter contain the same security fixes. However, they use different patching mechanisms, and Patch Set Updates include both security and recommended bug fixes. Consider the following guidelines when you are deciding to apply Patch Set Updates instead of Critical Patch Updates.
  1) Critical Patch Updates are applied only on the base release version, for example 10.2.0.4.0.
  2) Patch Set Updates can be applied on the base release version or on any earlier Patch Set Update. For example, 11.1.0.7.2 can be applied on 11.1.0.7.1 and 11.1.0.7.0.
  3) Once a Patch Set Update has been applied, the recommended way to get future security content is to apply subsequent Patch Set Updates. Reverting from an applied
  Patch Set Update back to the Critical Patch Update, while technically possible, requires significant time and effort, and is not advised.
  Regards,
  Shahid

• Applying Adobe Reader 8.1.2 Security Patch on top of Adobe Pro 7.x

  Hi,
  Our firm has a number of users running Adobe Standard and Professional 7.x. These users also have Adobe Reader 8 installed simultaneously as well.
  According to the Adobe security bulletin below, the security patch for Adobe Standard and Professional 7.x will not be released until May 2008:
  http://www.adobe.com/support/security/advisories/apsa08-01.html
  Question: if we deployed Adobe Reader 8.1.2 (which addresses the same security vulnerabilities mentioned in the above link) on top of Adobe Standard and Professional 7.x, will the vulnerability be fixed? The businesses will not be upgrading to Adobe Standard / Professional 8.1.2.
  Thank you,
  Roland Thomas

  Not to make excuses or anything but, it's more than a security patch.
  http://kb.adobe.com/selfservice/viewContent.do?externalId=kb403079&sliceId=1

• Missing Security Patches

  1) Are there any useful facilities for admins or auditors to idenitfy misisng security patches associated with oracle EBS and supporting infrastructure? I know there are websoites saying which patches are out there but I could do with some sort of "this is what you are missing" type reports.
  2) Do Oracle have any useful whitepapers on best practice patch management for EBS, i.e. how to test, steps for restore if its affects anything etc.

  Hussein Sawwan wrote:
  release 12 EBS, 11g Oracle.The release does not matter here.
  Do any of the links you provide produce a missing patches report that would be easy to read for management/non EBS adminsYes.
  Patch Wizard FAQ [ID 976688.1]
  New Required Patches for Patch Wizard, Patch Manager, and Oracle Application Change Management Pack for Oracle E-Business Suite Releases 11i, 12.0, and 12.1 [ID 1267768.1]
  Patch Wizard Overview Videos [ID 1210479.1]
  Patch Wizard : Overview [ID 1077813.1]
  Diagnostics Toolbox: Recommended Patch List and Patch Wizard [ID 1196135.1]
  Oracle Applications Patching Procedures
  http://download.oracle.com/docs/cd/B53825_03/current/acrobat/121adpp.pdf
  http://forums.oracle.com/forums/search.jspa?threadID=&q=Patch+AND+Wizard&objID=c3&dateRange=all&userID=&numResults=15&rankBy=10001
  http://search.oracle.com/search/search?search_p_main_operator=all&group=Blogs&oq=Patch+Wizard&x=0&y=0&q=Patch+Wizard+weblog%3A%3DstevenChan+site%3Ablogs.oracle.com
  Thanks,
  HusseinThanks Hussein,
  I am going to read through those links, but could you do me a bit of a cheat sheet on how to get a report on all missing security patches for our EBS and supporting infrastructure, and what it will look like. I.e. a basic 1-5 steps on where to get this report.

• Applying security patch to Oracle 10G on Linux

  Hello,
  I'm new to Oracle DBA world, need to apply security patch to Oracle 10G on Linux server, any tips and notes would be appreciated.
  thanks
  Sam

  Manish,
  1. I have to upgrade the database version from 10.2.0.2 to 10.2.0.4 on Linux, Is there any proper documentation which will help me out?Please refer to the following document.
  Note: 454750.1 - Oracle Apps Release 12 with Oracle Database 10.2.0 interoperability notes
  https://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=454750.1
  2. What are the types of oracle database patches? what is the proper procedure to apply those kind of patches to Oracle 10g on Linux?
  Most of the patches in this upgrade are database patches (which should be applied using opatch). The main upgrade patch (Patch 6810189 - 10.2.0.4 patch set) should be applied using Oracle Universal Installer (runInstaller).
  Always follow the steps in the patch README file before applying any patch.
  Regards,
  Hussein