Symantec Enterprise Vault Updates Oracle Outside In Module for Multiple Issues
|Article:TECH182366|||||Created: 2012-02-27|||||Updated: 2012-03-05|||||Article URL http://www.symantec.com/docs/TECH182366|
Symantec has released updates to the Oracle Outside In module in supported versions of the Symantec Enterprise Vault product suite. These updates address potential Denial of Service and possible code execution susceptibility. An issue has been found in the Oracle Outside In libraries which Enterprise Vault uses to convert data for storage in the archive. The issues identified include two issues with conversion of JPEG image files and one with parsing of Lotus 123 files. Symantec Enterprise Vault use of the Oracle Outside In technology does not include the conversion of graphics files, which mitigates attack vectors involving graphic file parsing issues. Symantec recommends all customers download and apply the hotfixes identified below in the Solution section as soon as possible.
What is Affected
The following versions of Symantec Enterprise Vault are affected:
- Enterprise Vault for File System Archiving 9.x, and 10.0
- Enterprise Vault for Lotus Domino 9.x, and 10.0
- Enterprise Vault for Microsoft Exchange 9.x, and 10.0
- Enterprise Vault for Microsoft SharePoint 9.x, and 10.0
- Enterprise Vault for SMTP 9.x, and 10.0
- Enterprise Vault API 9.x, and 10.0
Symantec Strongly Recommends the Following Best Practices:
1. Always perform a FULL backup prior to and after any changes to your environment.
2. Always make sure that the environment is running the latest version and patch level.
3. Subscribe to technical articles for updates.
9.0.3 - Oracle Outside In Patch
9.0.2 - Oracle Outside In Patch
9.0.1 - Oracle Outside In Patch
9.0 - Oracle Outside In Patch
10.0 - Oracle Outside In Patch
Article URL http://www.symantec.com/docs/TECH182366