Number: AV16-118
Date: 20 July 2016
Purpose
The purpose of this advisory is to bring attention to the July 2016 Critical Patch Update released for Oracle products.
Assessment
Oracle has issued a Critical Patch Update (CPU) which contains 276 new security fixes across multiple Oracle products and versions.
Products affected:
- Application Express, version(s) 5.0.4 and prior.
- Oracle Database Server, version(s) 11.2.0.4, 12.1.0.1, 12.1.0.2
- Oracle Access Manager, version(s) 10.1.4.x, 11.1.1.7
- Oracle BI Publisher, version(s) 11.1.1.7.0, 11.1.1.9.0, 12.2.1.0.0
- Oracle Business Intelligence Enterprise Edition, version(s) 11.1.1.7.0, 11.1.1.9.0, 11.2.1.0.0
- Oracle Directory Server Enterprise Edition, version(s) 7.0, 11.1.1.7.0
- Oracle Exalogic Infrastructure, version(s) 1.x, 2.x
- Oracle Fusion Middleware, version(s) 11.1.1.7, 11.1.1.8, 11.1.1.9, 11.1.2.2, 11.1.2.3, 12.1.3.0, 12.2.1.0
- Oracle GlassFish Server, version(s) 2.1.1, 3.0.1, 3.1.2
- Oracle HTTP Server, version(s) 11.1.1.9, 12.1.3.0
- Oracle JDeveloper, version(s) 11.1.1.7.0, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, 12.2.1.0.0
- Oracle Portal, version(s) 11.1.1.6
- Oracle TopLink, version(s) 12.1.3.0, 12.2.1.0, 12.2.1.1
- Oracle WebCenter Sites, version(s) 11.1.1.8, 12.2.1.0
- Oracle WebLogic Server, version(s) 10.3.6.0, 12.1.3.0, 12.2.1.0
- Outside In Technology, version(s) 8.5.0, 8.5.1, 8.5.2
- Hyperion Financial Reporting, version(s) 11.1.2.4
- Enterprise Manager Base Platform, version(s) 12.1.0.5, 13.1.0.0
- Enterprise Manager for Fusion Middleware, version(s) 11.1.1.7, 11.1.1.9
- Enterprise Manager Ops Center, version(s) 12.1.4, 12.2.2, 12.3.2
- Oracle E-Business Suite, version(s) 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5
- Oracle Agile Engineering Data Management, version(s) 6.1.3.0, 6.2.0.0
- Oracle Agile PLM, version(s) 9.3.4, 9.3.5
- Oracle Demand Planning, version(s) 12.1, 12.2
- Oracle Transportation Management, version(s) 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.4.0, 6.4.1
- PeopleSoft Enterprise FSCM, version(s) 9.1, 9.2
- PeopleSoft Enterprise PeopleTools, version(s) 8.53, 8.54, 8.55
- JD Edwards EnterpriseOne Tools, version(s) 9.2.0.5
- Oracle Knowledge, version(s) 8.5.x
- Siebel Applications, version(s) 8.1.1, 8.2.2, IP2014, IP2015, IP2016
- Oracle Fusion Applications, version(s) 11.1.2 through 11.1.10
- Oracle Communications ASAP, version(s) 7.0, 7.2, 7.3
- Oracle Communications Core Session Manager, version(s) 7.2.5, 7.3.5
- Oracle Communications EAGLE Application Processor, version(s) 16.0
- Oracle Communications Messaging Server, version(s) 6.3, 7.0, 8.0, Prior to 7.0.5.37.0 and 8.0.1.1.0
- Oracle Communications Network Charging and Control, version(s) 4.4.1.5.0, 5.0.0.1.0, 5.0.0.2.0, 5.0.1.0.0, 5.0.2.0.0
- Oracle Communications Operations Monitor, version(s) 3.3.92.0.0 and prior.
- Oracle Communications Policy Management, version(s) 9.9.2 and prior.
- Oracle Communications Session Border Controller, version(s) 7.2.0, 7.3.0
- Oracle Communications Unified Session Manager, version(s) 7.2.5, 7.3.5
- Oracle Enterprise Communications Broker, version(s) PCz 2.0.0m4p1 and prior.
- Oracle Banking Platform, version(s) 2.3.0, 2.4.0, 2.4.1, 2.5.0
- Oracle Financial Services Lending and Leasing, version(s) 14.1, 14.2
- Oracle FLEXCUBE Direct Banking, version(s) 12.0.1, 12.0.2, 12.0.3
- Oracle Health Sciences Clinical Development Center, version(s) 3.1.1.x, 3.1.2.x
- Oracle Health Sciences Information Manager, version(s) 1.2.8.3, 2.0.2.3, 3.0.1.0
- Oracle Healthcare Analytics Data Integration, version(s) 3.1.0.0.0
- Oracle Healthcare Master Person Index, version(s) 2.0.12, 3.0.0, 4.0.1
- Oracle Documaker, version(s) Prior to 12.5
- Oracle Insurance Calculation Engine, version(s) 9.7.1, 10.1.2, 10.2.2
- Oracle Insurance Policy Administration J2EE, version(s) 9.6.1, 9.7.1, 10.0.1, 10.1.2, 10.2.0, 10.2.2
- Oracle Insurance Rules Palette, version(s) 9.6.1, 9.7.1, 10.0.1, 10.1.2, 10.2.0, 10.2.2
- MICROS Retail XBRi Loss Prevention, version(s) 10.0.1, 10.5.0, 10.6.0, 10.7.0, 10.8.0, 10.8.1
- Oracle Retail Central, Back Office, Returns Management, version(s) 13.1, 13.2, 13.3, 13.4, 14.0, 14.1, 12.0, 13.0
- Oracle Retail Integration Bus, version(s) 13.0, 13.1, 13.2, 14.0, 14.1, 15.0
- Oracle Retail Order Broker, version(s) 4.1, 5.1, 5.2, 15.0
- Oracle Retail Service Backbone, version(s) 13.0, 13.1, 13.2, 14.0, 14.1, 15.0
- Oracle Retail Store Inventory Management, version(s) 12.0, 13.0, 13.1, 13.2, 14.0, 14.1
- Oracle Utilities Framework, version(s) 2.2.0.0.0, 4.1.0.1.0, 4.1.0.2.0, 4.2.0.1.0, 4.2.0.2.0, 4.2.0.3.0, 4.3.0.1.0, 4.3.0.2.0
- Oracle Utilities Network Management System, version(s) 1.10.0.6.27, 1.11.0.4.41, 1.11.0.5.4, 1.12.0.1.16, 1.12.0.2.12, 1.12.0.3.5
- Oracle Utilities Work and Asset Management, version(s) 1.9.1.2.8
- Oracle In-Memory Policy Analytics, version(s) 12.0.1
- Oracle Policy Automation, version(s) 10.3.0, 10.3.1, 10.4.0, 10.4.1, 10.4.2, 10.4.3, 10.4.4, 10.4.5, 10.4.6, 12.1.0, 12.1.1
- Oracle Policy Automation Connector for Siebel, version(s) 10.3.0, 10.4.0, 10.4.1, 10.4.2, 10.4.3, 10.4.4, 10.4.5, 10.4.6
- Oracle Policy Automation for Mobile Devices, version(s) 12.1.1
- Primavera Contract Management, version(s) 14.2
- Primavera P6 Enterprise Project Portfolio Management, version(s) 8.2, 8.3, 8.4, 15.1, 15.2, 16.1
- Oracle Java SE, version(s) 6u115, 7u101, 8u92
- Oracle Java SE Embedded, version(s) 8u91
- Oracle JRockit, version(s) R28.3.10
- 40G 10G 72/64 Ethernet Switch, version(s) 2.0.0
- Fujitsu M10-1, M10-4, M10-4S Servers, version(s) prior to XCP 2320
- ILOM, version(s) 3.0, 3.1, 3.2
- Oracle Switch ES1-24, version(s) 1.3
- Solaris, version(s) 10, 11.3
- Solaris Cluster, version(s) 3.3, 4.3
- SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers, version(s) prior to XCP 1121
- Sun Blade 6000 Ethernet Switched NEM 24P 10GE, version(s) 1.2
- Sun Data Center InfiniBand Switch 36, version(s) prior to 2.2.2
- Sun Network 10GE Switch 72p, version(s) 1.2
- Sun Network QDR InfiniBand Gateway Switch, version(s) prior to 2.2.2
- Oracle Secure Global Desktop, version(s) 4.63, 4.71, 5.2
- Oracle VM VirtualBox, version(s) prior to 5.0.26
- MySQL Server, version(s) 5.5.49 and prior, 5.6.30 and prior, 5.7.12 and prior.
Suggested Action
CCIRC recommends that system administrators identify their affected assets and potential interdependencies with their organization’s critical services, and follow their patch management process accordingly.
References:
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html