Enterprise Vault Updates Oracle Outside In Module for Multiple Issues

Enterprise Vault Updates Oracle Outside In Module for Multiple Issues

Article: 100031661
Last Published: 2015-12-08
Ratings: 0 0
Product(s): Enterprise Vault

Problem

We have released updates to the Oracle Outside In module in supported versions of the Enterprise Vault product suite. These updates address potential Denial of Service and possible code execution susceptibility. An issue has been found in the Oracle Outside In libraries which Enterprise Vault uses to convert data for storage in the archive. The issues identified include two issues with conversion of JPEG image files and one with parsing of Lotus 123 files. Enterprise Vault use of the Oracle Outside In technology does not include the conversion of graphics files, which mitigates attack vectors involving graphic file parsing issues. We recommend all users download and apply the hotfixes identified below as soon as possible.

Solution

What is Affected
The following versions of Enterprise Vault are affected: 
  • Enterprise Vault for File System Archiving 9.x, and 10.0
  • Enterprise Vault for Lotus Domino 9.x, and 10.0
  • Enterprise Vault for Microsoft Exchange 9.x, and 10.0
  • Enterprise Vault for Microsoft SharePoint 9.x, and 10.0
  • Enterprise Vault for SMTP 9.x, and 10.0
  • Enterprise Vault API 9.x, and 10.0
We have released updates to the Oracle Outside In module in supported versions of the Enterprise Vault product suite. These updates address potential Denial of Service and possible code execution susceptibility.
 
Enterprise Vault 10.0

Enterprise Vault 9.0.2
Enterprise Vault 9.0.1

Enterprise Vault 9.0

We strongly recommend the following best practices:
  1. Always perform a FULL backup prior to and after any changes to your environment.
  2. Always make sure that the environment is running the latest version and patch level.

Was this content helpful?