Note to readers

This publication does not currently meet the Government of Canada's Web Standards. The information remains valid.

Oracle Critical Patch update Advisory – January 2017

Number: AV17-007
Date: 19 January 2017

Purpose

The purpose of this advisory is to bring attention to the following critical patch updates released for Oracle.

Assessment

Oracle has issued a Critical Patch Update (CPU) which addresses 270 new security fixes across multiple Oracle products and versions.

Products affected:

  • Oracle Database Server, version(s) 11.2.0.4, 12.1.0.2
  • Oracle Secure Backup, version(s) prior to 12.1.0.3
  • Spatial, version(s) prior to 1.2
  • Oracle Fusion Middleware, version(s) 11.1.1.7, 11.1.1.9, 11.1.2.3, 11.1.2.4, 12.1.3.0, 12.2.1.0, 12.2.1.1
  • Oracle GlassFish Server, version(s) 2.1.1, 3.0.1, 3.1.2
  • Oracle JDeveloper, version(s) 11.1.1.7.0, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, 12.2.1.0.0, 12.2.1.1.0, 12.2.1.2.0
  • Oracle Outside In Technology, version(s) 8.5.2, 8.5.3
  • Oracle Tuxedo, version(s) 12.1.1
  • Oracle WebLogic Server, version(s) 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1
  • Application Testing Suite, version(s) 12.4.0.2, 12.5.0.2, 12.5.0.3
  • Enterprise Manager Base Platform, version(s) 12.1.0.5, 13.1, 13.2
  • Enterprise Manager Ops Center, version(s) 12.1.4, 12.2.2, 12.3.2
  • Oracle E-Business Suite, version(s) 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6
  • Oracle Transportation Management, version(s) 6.1, 6.2
  • PeolpeSoft Enterprise HCM ePerformance, version(s) 9.2
  • PeopleSoft Enterprise PeopleTools, version(s) 8.54, 8.55
  • JD Edwards EnterpriseOne Tools, version(s) 9.2
  • Siebel Applications, version(s) 16.1
  • Oracle Commerce Platform, version(s) 10.0.3.5, 10.2.0.5, 11.2.0.2
  • Oracle Fusion Applications, version(s) 11.1.2 through 11.1.9
  • Oracle Communications Indexing and Search Service, version(s) prior to 1.0.5.28.0
  • Oracle Communications Network Charging and Control, version(s) 4.4.1.5, 5.0.0.1, 5.0.0.2, 5.0.1.0, 5.0.2.0
  • Oracle Communications Network Intelligence, version(s) 7.3.0.0
  • Oracle FLEXCUBE Core Banking, version(s) 5.1.0, 5.2.0, 11.5.0
  • Oracle FLEXCUBE Direct Banking, version(s) 12.0.0, 12.0.1, 12.0.2, 12.0.3
  • Oracle FLEXCUBE Enterprise Limits and Collateral Management, version(s) 12.0.0, 12.0.2
  • Oracle FLEXCUBE Investor Servicing, version(s) 12.0.1, 12.0.2, 12.0.4, 12.1.0, 12.3.0
  • Oracle FLEXCUBE Private Banking, version(s) 2.0.1, 2.2.0, 12.0.1
  • Oracle FLEXCUBE Universal Banking, version(s) 11.3.0, 11.4.0, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0
  • MICROS Lucas, version(s) 2.9.1, 2.9.2, 2.9.3, 2.9.4, 2.9.5
  • Oracle Retail Allocation, version(s) 12.0, 13.0, 13.1, 13.2, 13.3, 14.0, 14.1
  • Oracle Retail Assortment Planning, version(s) 14.1, 15.0
  • Oracle Retail Order Broker, version(s) 4.1, 5.1, 5.2, 15.0, 16.0
  • Oracle Retail Predictive Application Server, version(s) 13.1, 13.2, 13.3, 13.4, 14.0, 14.1, 15.0
  • Oracle Retail Price Management, version(s) 13.1, 13.2, 14.0, 14.1
  • Primavera P6 Enterprise Project Portfolio Management, version(s) 8.2, 8.3, 8.4, 15.1, 15.2, 16.1, 16.2
  • Oracle Java SE, version(s) 6u131, 7u121, 8u112
  • Oracle Java SE Embedded, version(s) 8u111
  • Oracle JRockit, version(s) R28.3.12
  • Oracle VM Server for Sparc, version(s) 3.2, 3.4
  • Solaris, version(s) 11.3
  • Oracle VM VirtualBox, version(s) prior to 5.0.32, prior to 5.1.14
  • MySQL Cluster, version(s) 7.2.26 and prior, 7.3.14 and prior, 7.4.12 and prior
  • MySQL Enterprise Monitor, version(s) 3.1.3.7856 and prior, 3.1.4.7895 and prior, 3.1.5.7958 and prior, 3.2.1.1049 and prior, 3.2.4.1102 and prior, 3.3.0.1098 and prior
  • MySQL Server, version(s) 5.5.53 and prior, 5.6.34 and prior, 5.7.16 and prior

CVE References:
CVE-2015-0250, CVE-2015-1791, CVE-2015-3237, CVE-2015-3253, CVE-2015-5505, CVE-2015-7501,
CVE-2015-7940, CVE-2016-6304, CVE-2016-0635, CVE-2016-0714, CVE-2016-0734, CVE-2016-1182,
CVE-2016-1903, CVE-2016-2183, CVE-2016-5000, CVE-2016-5019, CVE-2016-5509, CVE-2016-5528,
CVE-2016-5541, CVE-2016-5545, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549,
CVE-2016-5552, CVE-2016-5590, CVE-2016-5614, CVE-2016-5623, CVE-2016-6303, CVE-2016-6304,
CVE-2016-7052, CVE-2016-8282, CVE-2016-8297, CVE-2016-8298, CVE-2016-8299, CVE-2016-8300,
CVE-2016-8301, CVE-2016-8302, CVE-2016-8303, CVE-2016-8304, CVE-2016-8305, CVE-2016-8306,
CVE-2016-8307, CVE-2016-8308, CVE-2016-8309, CVE-2016-8310, CVE-2016-8311, CVE-2016-8312,
CVE-2016-8313, CVE-2016-8314, CVE-2016-8315, CVE-2016-8316, CVE-2016-8317, CVE-2016-8318,
CVE-2016-8319, CVE-2016-8320, CVE-2016-8322, CVE-2016-8323, CVE-2016-8324, CVE-2016-8325,
CVE-2016-8327, CVE-2016-8328, CVE-2016-8329, CVE-2016-8330, CVE-2017-3231, CVE-2017-3235,
CVE-2017-3236, CVE-2017-3238, CVE-2017-3239, CVE-2017-3240, CVE-2017-3241, CVE-2017-3242,
CVE-2017-3243, CVE-2017-3244, CVE-2017-3245, CVE-2017-3246, CVE-2017-3247, CVE-2017-3248,
CVE-2017-3249, CVE-2017-3250, CVE-2017-3251, CVE-2017-3252, CVE-2017-3253, CVE-2017-3255,
CVE-2017-3256, CVE-2017-3257, CVE-2017-3258, CVE-2017-3259, CVE-2017-3260, CVE-2017-3261,
CVE-2017-3262, CVE-2017-3263, CVE-2017-3264, CVE-2017-3265, CVE-2017-3266, CVE-2017-3267,
CVE-2017-3268, CVE-2017-3269, CVE-2017-3270, CVE-2017-3271, CVE-2017-3272, CVE-2017-3273,
CVE-2017-3274, CVE-2017-3275, CVE-2017-3276, CVE-2017-3277, CVE-2017-3278, CVE-2017-3279,
CVE-2017-3280, CVE-2017-3281, CVE-2017-3282, CVE-2017-3283, CVE-2017-3284, CVE-2017-3285,
CVE-2017-3286, CVE-2017-3287, CVE-2017-3289, CVE-2017-3290, CVE-2017-3291, CVE-2017-3292,
CVE-2017-3293, CVE-2017-3294, CVE-2017-3295, CVE-2017-3296, CVE-2017-3297, CVE-2017-3298,
CVE-2017-3299, CVE-2017-3300, CVE-2017-3301, CVE-2017-3303, CVE-2017-3310, CVE-2017-3311,
CVE-2017-3312, CVE-2017-3313, CVE-2017-3314, CVE-2017-3315, CVE-2017-3316, CVE-2017-3317,
CVE-2017-3318, CVE-2017-3319, CVE-2017-3320, CVE-2017-3321, CVE-2017-3322, CVE-2017-3323,
CVE-2017-3324, CVE-2017-3325, CVE-2017-3326, CVE-2017-3327, CVE-2017-3328, CVE-2017-3330,
CVE-2017-3332, CVE-2017-3333, CVE-2017-3359, CVE-2017-3361, CVE-2017-3362, CVE-2017-3368,
CVE-2017-3369, CVE-2017-3372, CVE-2017-3373, CVE-2017-3415, CVE-2017-3418, CVE-2017-3421,
CVE-2017-3440, CVE-2017-3443

Suggested action

CCIRC recommends that system administrators identify their affected assets and potential interdependencies with their organization’s critical services, and follow their patch management process accordingly.

References

http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html

Date modified: