Symantec Enterprise Vault Updates Oracle Outside In Module for Multiple Issues

Article:TECH182366  |  Created: 2012-02-27  |  Updated: 2012-03-05  |  Article URL http://www.symantec.com/docs/TECH182366
Article Type
Technical Solution

Product(s)

Subject

Issue



Symantec has released updates to the Oracle Outside In module in supported versions of the Symantec Enterprise Vault product suite. These updates address potential Denial of Service and possible code execution susceptibility.   An issue has been found in the Oracle Outside In libraries which Enterprise Vault uses to convert data for storage in the archive.  The issues identified include two issues with conversion of JPEG image files and one with parsing of Lotus 123 files. Symantec Enterprise Vault use of the Oracle Outside In technology does not include the conversion of graphics files, which mitigates attack vectors involving graphic file parsing issues. Symantec recommends all customers download and apply the hotfixes identified below in the Solution section as soon as possible.


What is Affected
The following versions of Symantec Enterprise Vault are affected: 

  • Enterprise Vault for File System Archiving 9.x, and 10.0
  • Enterprise Vault for Lotus Domino 9.x, and 10.0
  • Enterprise Vault for Microsoft Exchange 9.x, and 10.0
  • Enterprise Vault for Microsoft SharePoint 9.x, and 10.0
  • Enterprise Vault for SMTP 9.x, and 10.0
  • Enterprise Vault API 9.x, and 10.0

Solution



Symantec has released updates to the Oracle Outside In module in supported versions of the Symantec Enterprise Vault product suite. These updates address potential Denial of Service and possible code execution susceptibility.

Enterprise Vault 10.0
Download Hotfix - http://www.symantec.com/docs/TECH182076  

Enterprise Vault 9.0.3
Enterprise Vault 9.0.2
Enterprise Vault 9.0.1
Enterprise Vault 9.0
Download Hotfix - http://www.symantec.com/docs/TECH182073  

  
How to Subscribe to Email Notifications:
Subscribe to this article by clicking on the Subscribe via email link on this page to receive notification when this article is updated. 

Software Alerts:
If this TechNote was not received from the Symantec Email Notification Service as a Software Alert, please subscribe via email and/or RSS.  For more information refer to article HOWTO31128 for additional information.


Symantec Strongly Recommends the Following Best Practices:

1. Always perform a FULL backup prior to and after any changes to your environment.
2. Always make sure that the environment is running the latest version and patch level.
3. Subscribe to technical articles for updates.
 

Supplemental Materials

SourceETrack
Value2661686
Description

9.0.3 - Oracle Outside In Patch


SourceETrack
Value2654150
Description

9.0.2 - Oracle Outside In Patch


SourceETrack
Value2674264
Description

9.0.1 - Oracle Outside In Patch


SourceETrack
Value2674262
Description

9.0 - Oracle Outside In Patch


SourceETrack
Value2661688
Description

10.0 - Oracle Outside In Patch




Article URL http://www.symantec.com/docs/TECH182366


Terms of use for this information are found in Legal Notices