Sunday, February 23, 2014

Oracle Critical Patch Update Advisory - January 2014

Purpose

The purpose of this advisory is to bring attention to the following critical patch update released for Oracle products.

Assessment

Oracle has issued a Critical Patch Update (CPU) which addresses 144 new security fixes across multiple Oracle products.
Affected products and versions:
Oracle Database 11g Release 1, version 11.1.0.7
Oracle Database 11g Release 2, versions 11.2.0.3, 11.2.0.4
Oracle Database 12c Release 1, version 12.1.0.1
Oracle Fusion Middleware 11g Release 1, versions 11.1.1.6, 11.1.1.7
Oracle Fusion Middleware 11g Release 2, versions 11.1.2.0, 11.1.2.1
Oracle Fusion Middleware 12c Release 2, version 12.1.2
Oracle Containers for J2EE, version 10.1.3.5
Oracle Enterprise Data Quality, versions 8.1, 9.0.8
Oracle Forms and Reports 11g, Release 2, version 11.1.2.1
Oracle GlassFish Server, version 2.1.1, Sun Java Application Server, versions 8.1, 8.2
Oracle HTTP Server 11g, versions 11.1.1.6, 11.1.1.7
Oracle HTTP Server 12c, version 12.1.2
Oracle Identity Manager, versions 11.1.1.5, 11.1.1.7, 11.1.2.0, 11.1.2.1
Oracle Internet Directory, versions 11.1.1.6, 11.1.1.7
Oracle iPlanet Web Proxy Server, version 4.0
Oracle iPlanet Web Server, versions 6.1, 7.0
Oracle Outside In Technology, versions 8.4.0, 8.4.1
Oracle Portal, version 11.1.1.6
Oracle Reports Developer, versions 11.1.1.6, 11.1.1.7, 11.1.2.1
Oracle Traffic Director, versions 11.1.1.6, 11.1.1.7
Oracle WebCenter Portal versions 11.1.1.6.0, 11.1.1.7.0, 11.1.1.8.0
Oracle WebCenter Sites versions 11.1.1.6.1, 11.1.1.8.0
Oracle Hyperion Essbase Administration Services, versions 11.1.2.1, 11.1.2.2, 11.1.2.3
Oracle Hyperion Strategic Finance, versions 11.1.2.1, 11.1.2.2
Oracle E-Business Suite Release 11i, version 11.5.10.2
Oracle E-Business Suite Release 12i, versions 12.0.6, 12.1.1, 12.1.2, 12.1.3
Oracle Agile Product Lifecycle Management for Process, versions 6.0, 6.1, 6.1.1
Oracle AutoVue, version 20.1.1
Oracle Demantra Demand Management, versions 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.0, 12.2.1, 12.2.2, 12.2.3
Oracle Transportation Management, versions 6.0, 6.1, 6.2, 6.3, 6.3.1, 6.3.2
Oracle PeopleSoft Enterprise HRMS, versions 9.1.0, 9.2.0
Oracle PeopleSoft Enterprise HRMS Human Resources, versions 9.1, 9.2
Oracle PeopleSoft Enterprise PeopleTools, versions 8.52, 8.53
Oracle PeopleSoft Enterprise SCM Services Procurement, version 9.2
Oracle Siebel Core, versions 8.1.1, 8.2.2
Oracle Siebel Life Sciences, versions 8.1.1, 8.2.2
Oracle iLearning, version 6.0
Oracle FLEXCUBE Private Banking, versions 1.7, 2.0, 2.0.1, 2.2.0.1, 3.0, 12.0.1, 12.0.2
Oracle JavaFX, versions 2.2.45 and earlier
Oracle Java JDK and JRE, versions 5.0u55 and earlier, 6u65 and earlier, 7u45 and earlier
Oracle Java SE Embedded, versions 7u45 and earlier
Oracle JRockit, versions R27.7.7 and earlier, R28.2.9 and earlier
Oracle Solaris versions 8, 9, 10, 11.1
Oracle Secure Global Desktop, versions 4.63.x, 4.71.x, 5.0.x, 5.10
Oracle VM VirtualBox, versions prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, 4.3.6
Oracle MySQL Enterprise Monitor, versions 2.3, 3.0
Oracle MySQL Server, versions 5.1, 5.5, 5.6

Suggested action

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible. CCIRC recommends that system administrators identify their affected assets and potential interdependencies with their organization's critical services, and follow their patch management process accordingly.

References

http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

Note to Readers

The Canadian Cyber Incident Response Centre (CCIRC) operates within Public Safety Canada, and works with partners inside and outside Canada to mitigate cyber threats to vital networks outside the federal government. These include systems that keep Canada's critical infrastructure functioning properly, such as the electrical grid and financial networks, or contain valuable commercial information that underpins our economic prosperity. CCIRC supports the owners and operators of systems of national importance, including critical infrastructure, and is responsible for coordinating the national response to any serious cyber security incident.
