Number: AV18-118
Date: 18 July 2018
Purpose
The purpose of this advisory is to bring attention to the quarterly updates released for Oracle.
Assessment
Oracle has issued a Critical Patch Update Advisory which addresses multiple new security fixes across multiple Oracle products.
Affected Products:
Agile Recipe Management for Pharmaceuticals, version 9.3.4
- Enterprise Manager Base Platform, versions 12.1.0.5, 13.2.x
- Enterprise Manager for Fusion Middleware, versions 12.1.0.5, 13.2.x
- Enterprise Manager for MySQL Database, versions 13.2.2.0.0 and prior
- Enterprise Manager for Oracle Database, versions 12.1.0.8, 13.2.2
- Enterprise Manager for Peoplesoft, versions 13.1.1.1, 13.2.1.1
- Enterprise Manager for Virtualization, versions 13.2.2, 13.2.3
- Enterprise Manager Ops Center, versions 12.2.2, 12.3.3
- FMW Platform, versions 12.2.1.2.0, 12.2.1.3.0
- Hardware Management Pack, version 11.3
- Hyperion Data Relationship Management, version 11.1.2.4.330
- Hyperion Financial Reporting, version 11.1.2
- JD Edwards EnterpriseOne Tools, version 9.2
- JD Edwards World Security, versions A9.3, A9.3.1, A9.4
- MICROS 700 Series Tablet, versions Prior to BIOS 0.00.13ORC, Prior to BIOS 0.01.25ORC
- MICROS Handheld Terminal, versions 2018, Android 4.4.4 Security Patch Bulletin prior to February 1
- MICROS Kitchen Display Controller, versions Prior to BIOS 0.00.16ORC
- MICROS Lucas, versions 2.9.5.3, 2.9.5.4, 2.9.5.5, 2.9.5.6
- MICROS Relate CRM Software, versions 10.8.x, 11.4.x
- MICROS Retail-J, versions 10.2.x, 11.0.x, 12.0.x, 12.1.x, 12.1.1.x, 12.1.2.x, 13.1.x
- MICROS Workstation 6, versions prior to BIOS 1.3.1.0, prior to BIOS 1.5.2.0, prior to BIOS 2.3.1.0
- MICROS XBR, versions 7.0.2, 7.0.4
- MySQL Client, versions 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior, 8.0.11 and prior
- MySQL Connectors, versions 5.3.10 and prior, 8.0.11 and prior
- MySQL Enterprise Monitor, versions 3.4.7.4297 and prior, 4.0.4.5235 and prior, 8.0.0.8131 and prior
- MySQL Server, versions 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior, 8.0.11 and prior
- MySQL Workbench, versions 6.3.10 and prior, 8.0.11 and prior
- Oracle Agile Engineering Data Management, versions 6.1.3, 6.2.0, 6.2.1
- Oracle Agile PLM, versions 9.3.3, 9.3.4, 9.3.5, 9.3.6
- Oracle Agile PLM MCAD Connector, versions 3.3, 3.4, 3.5, 3.6
- Oracle Agile Product Lifecycle Management for Process, version 6.2.0.0
- Oracle API Gateway, version 11.1.2.4.0
- Oracle Application Testing Suite, version 10.1
- Oracle AutoVue VueLink Integration, versions 21.0.0, 21.0.1
- Oracle Banking Corporate Lending, versions 12.3.0, 12.4.0, 12.5.0, 14.0.0, 14.1.0
- Oracle Banking Payments, versions 12.2.0, 12.3.0, 12.4.0, 12.5.0, 14.1.0
- Oracle Banking Platform, versions 2.6.0, 2.6.1, 2.6.2
- Oracle BI Publisher, versions 11.1.1.7.0, 11.1.1.9.0, 12.2.1.2.0, 12.2.1.3.0
- Oracle Business Process Management Suite, versions 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0, 12.2.1.3.0
- Oracle Communications Diameter Signaling Router (DSR), versions 7.x, 8.x
- Oracle Communications EAGLE LNP Application Processor, version 10.x
- Oracle Communications Interactive Session Recorder, versions 5.x, 6.x
- Oracle Communications Messaging Server, version 3.x
- Oracle Communications Network Charging and Control, versions 4.4.1.5.0, 5.0.0.1.0, 5.0.0.2.0, 5.0.1.0.0, 5.0.2.0.0
- Oracle Communications Policy Management, version 12.x
- Oracle Communications Session Border Controller, versions ECz7.x, ECz8.x
- Oracle Communications User Data Repository, versions 10.x, 12.x
- Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18.1, 18.2
- Oracle E-Business Suite, versions 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7
- Oracle Endeca Information Discovery Studio, versions 3.1, 3.2
- Oracle Enterprise Data Quality, version 12.2.1.3.0
- Oracle Enterprise Repository, versions 11.1.1.7.0, 12.1.3.0.0
- Oracle Financial Services Analytical Applications Infrastructure, versions 7.3.3.x, 8.0.x
- Oracle Financial Services Behavior Detection Platform, version 8.0.x
- Oracle Financial Services Funds Transfer Pricing, versions 6.1.1, 8.0.x
- Oracle Financial Services Hedge Management and IFRS Valuations, versions 8.0.4, 8.0.5
- Oracle Financial Services Loan Loss Forecasting and Provisioning, versions 8.0.4, 8.0.5
- Oracle Financial Services Profitability Management, versions 6.1.1, 8.0.x
- Oracle Financial Services Revenue Management and Billing, versions 2.3.0.2.0, 2.4.0.0.0, 2.4.0.1.0, 2.5.0.1.0, 2.5.0.2.0, 2.5.0.3.0
- Oracle FLEXCUBE Enterprise Limits and Collateral Management, versions 12.3.0, 14.0.0, 14.1.0
- Oracle FLEXCUBE Investor Servicing, versions 12.0.4, 12.1.0, 12.3.0, 12.4.0
- Oracle FLEXCUBE Universal Banking, versions 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0, 12.4.0, 14.0.0, 14.1.0
- Oracle Fusion Middleware, versions 12.2.1.2, 12.2.1.3
- Oracle Fusion Middleware MapViewer, versions 12.2.1.2, 12.2.1.3
- Oracle Global Lifecycle Management OPatchAuto, version All
- Oracle Hospitality Cruise Fleet Management System, version 9.x
- Oracle Hospitality Cruise Shipboard Property Management System, version 8.x
- Oracle Hospitality Gift and Loyalty, version 9.0.0
- Oracle Hospitality OPERA 5 Property Services, version 5.5.x
- Oracle Hospitality Reporting and Analytics, version 9.0.0
- Oracle Hospitality Simphony, versions 2.8, 2.9, 2.10
- Oracle iLearning, version 6.2
- Oracle Insurance Policy Administration, versions 10.0, 10.1, 10.2, 11.0
- Oracle Internet Directory, version 11.1.1.9.0
- Oracle Java SE, versions 6u191, 7u181, 8u172, 10.0.1
- Oracle Java SE Embedded, version 8u171
- Oracle JDeveloper, versions 12.1.3.0.0, 12.2.1.2.0, 12.2.1.3.0
- Oracle JRockit, version R28.3.18
- Oracle Outside In Technology, version 8.5.3
- Oracle Policy Automation, versions 10.4.7, 12.1.0, 12.1.1, 12.2.0, 12.2.1, 12.2.2, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8, 12.2.9, 12.2.10
- Oracle Policy Automation Connector for Siebel, version 10.4.6
- Oracle Policy Automation for Mobile Devices, versions 10.4.7, 12.1.0, 12.1.1, 12.2.0, 12.2.1, 12.2.2, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8, 12.2.9, 12.2.10
- Oracle Retail Back Office, versions 14.0, 14.1
- Oracle Retail Bulk Data Integration, version 16.0
- Oracle Retail Central Office, versions 14.0, 14.1
- Oracle Retail Clearance Optimization Engine, version 14.0.5
- Oracle Retail Convenience and Fuel POS Software, version 2.1.132
- Oracle Retail Customer Management and Segmentation Foundation, versions 16.x, 17.x
- Oracle Retail Financial Integration, versions 13.2.x, 14.0.x, 14.1.x, 15.0.x, 16.0.x
- Oracle Retail Integration Bus, versions 12.0.x, 13.0.x, 13.1.x, 13.2.x, 14.0.0 14.1.0, 14.0.x, 14.1.x, 15.0, 15.0.x, 16.0, 16.0.x
- Oracle Retail Order Broker, versions 5.2, 15.0, 16.0
- Oracle Retail Point-of-Sale, versions 14.0, 14.1
- Oracle Retail Point-of-Service, versions 14.0, 14.1
- Oracle Retail Predictive Application Server, version 15.0.3
- Oracle Retail Returns Management, versions 14.0, 14.1
- Oracle Retail Service Backbone, versions 14.0.x, 14.1.x, 15.0.x, 16.0.x
- Oracle Retail Service Layer, versions 12.0.x, 13.0.x, 13.1.x, 13.2.x, 14.0.x
- Oracle Secure Global Desktop, versions 5.3, 5.4
- Oracle SOA Suite, versions 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0, 12.2.1.3.0
- Oracle SuperCluster Specific Software, versions prior to 2.5.0
- Oracle Transportation Management, versions 6.2, 6.3.7, 6.4.1
- Oracle Tuxedo, versions 12.1.1, 12.1.3, 12.2.2
- Oracle Utilities Framework, version 4.3.x
- Oracle Utilities Network Management System, versions 1.12.x, 2.3.x
- Oracle Utilities Work and Asset Management, version 1.9.1.2.12
- Oracle VM VirtualBox, versions prior to 5.2.16
- Oracle WebCenter Portal, versions 11.1.1.9.0, 12.2.1.2.0, 12.2.1.3.0
- Oracle WebLogic Server, versions 10.3.6.0, 12.1.3.0, 12.2.1.2, 12.2.1.3
- OSS Support Tools, versions prior to 18.3
- PeopleSoft Enterprise CS Financial Aid, versions 9.0, 9.2
- PeopleSoft Enterprise FIN Install, version 9.2
- PeopleSoft Enterprise HCM Human Resources, version 9.2
- PeopleSoft Enterprise PeopleTools, versions 8.55, 8.56
- PeopleSoft HRMS, version 9.2
- Primavera P6 Enterprise Project Portfolio Management, versions 8.4, 15.x, 16.x, 17.x
- Primavera Unifier, versions 16.x, 17.x, 18.x
- Siebel Applications, version 18.0
- Solaris, versions 10, 11.2, 11.3
- Solaris Cluster, versions 3.3, 4.3
- Sun ZFS Storage Appliance Kit (AK), versions prior to 8.7.20
- Tape Library ACSLS, versions Prior to ACSLS 8.4.0-3
CVE References:
CVE-2018-0733, CVE-2018-0739, CVE-2018-1171, CVE-2018-1258, CVE-2018-1270, CVE-2018-1271, CVE-2018-1272, CVE-2018-1275, CVE-2018-1304, CVE-2018-1305, CVE-2018-1327, CVE-2018-2598, CVE-2018-2767, CVE-2018-2881, CVE-2018-2882, CVE-2018-2888, CVE-2018-2891, CVE-2018-2892, CVE-2018-2893, CVE-2018-2894, CVE-2018-2895, CVE-2018-2896, CVE-2018-2897, CVE-2018-2898, CVE-2018-2899, CVE-2018-2900, CVE-2018-2901, CVE-2018-2903, CVE-2018-2904, CVE-2018-2905, CVE-2018-2906, CVE-2018-2907, CVE-2018-2908, CVE-2018-2915, CVE-2018-2916, CVE-2018-2917, CVE-2018-2918, CVE-2018-2919, CVE-2018-2920, CVE-2018-2921, CVE-2018-2923, CVE-2018-2924, CVE-2018-2925, CVE-2018-2926, CVE-2018-2927, CVE-2018-2928, CVE-2018-2929, CVE-2018-2930, CVE-2018-2932, CVE-2018-2933, CVE-2018-2934, CVE-2018-2935, CVE-2018-2936, CVE-2018-2937, CVE-2018-2938, CVE-2018-2939, CVE-2018-2940, CVE-2018-2941, CVE-2018-2942, CVE-2018-2943, CVE-2018-2944, CVE-2018-2945, CVE-2018-2946, CVE-2018-2947, CVE-2018-2948, CVE-2018-2949, CVE-2018-2950, CVE-2018-2951, CVE-2018-2952, CVE-2018-2953, CVE-2018-2954, CVE-2018-2955, CVE-2018-2956, CVE-2018-2957, CVE-2018-2958, CVE-2018-2959, CVE-2018-2960, CVE-2018-2961, CVE-2018-2962, CVE-2018-2963, CVE-2018-2964, CVE-2018-2965, CVE-2018-2966, CVE-2018-2967, CVE-2018-2968, CVE-2018-2969, CVE-2018-2970, CVE-2018-2972, CVE-2018-2973, CVE-2018-2974, CVE-2018-2975, CVE-2018-2976, CVE-2018-2977, CVE-2018-2978, CVE-2018-2979, CVE-2018-2980, CVE-2018-2981, CVE-2018-2982, CVE-2018-2984, CVE-2018-2985, CVE-2018-2986, CVE-2018-2987, CVE-2018-2988, CVE-2018-2989, CVE-2018-2990, CVE-2018-2991, CVE-2018-2992, CVE-2018-2993, CVE-2018-2994, CVE-2018-2995, CVE-2018-2996, CVE-2018-2997, CVE-2018-2998, CVE-2018-2999, CVE-2018-3000, CVE-2018-3001, CVE-2018-3002, CVE-2018-3003, CVE-2018-3004, CVE-2018-3005, CVE-2018-3006, CVE-2018-3007, CVE-2018-3008, CVE-2018-3009, CVE-2018-3010, CVE-2018-3012, CVE-2018-3013, CVE-2018-3014, CVE-2018-3015, CVE-2018-3016, CVE-2018-3017, CVE-2018-3018, CVE-2018-3019, CVE-2018-3020, CVE-2018-3021, CVE-2018-3022, CVE-2018-3023, CVE-2018-3024, CVE-2018-3025, CVE-2018-3026, CVE-2018-3027, CVE-2018-3028, CVE-2018-3029, CVE-2018-3030, CVE-2018-3031, CVE-2018-3032, CVE-2018-3033, CVE-2018-3034, CVE-2018-3035, CVE-2018-3036, CVE-2018-3037, CVE-2018-3038, CVE-2018-3039, CVE-2018-3040, CVE-2018-3041, CVE-2018-3042, CVE-2018-3043, CVE-2018-3044, CVE-2018-3045, CVE-2018-3046, CVE-2018-3047, CVE-2018-3048, CVE-2018-3049, CVE-2018-3050, CVE-2018-3051, CVE-2018-3052, CVE-2018-3053, CVE-2018-3054, CVE-2018-3055, CVE-2018-3056, CVE-2018-3057, CVE-2018-3058, CVE-2018-3060, CVE-2018-3061, CVE-2018-3062, CVE-2018-3063, CVE-2018-3064, CVE-2018-3065, CVE-2018-3066, CVE-2018-3067, CVE-2018-3068, CVE-2018-3069, CVE-2018-3070, CVE-2018-3071, CVE-2018-3072, CVE-2018-3073, CVE-2018-3074, CVE-2018-3075, CVE-2018-3076, CVE-2018-3077, CVE-2018-3078, CVE-2018-3079, CVE-2018-3080, CVE-2018-3081, CVE-2018-3082, CVE-2018-3084, CVE-2018-3085, CVE-2018-3086, CVE-2018-3087, CVE-2018-3088, CVE-2018-3089, CVE-2018-3090, CVE-2018-3091, CVE-2018-3092, CVE-2018-3093, CVE-2018-3094, CVE-2018-3095, CVE-2018-3096, CVE-2018-3097, CVE-2018-3098, CVE-2018-3099, CVE-2018-3100, CVE-2018-3101, CVE-2018-3102, CVE-2018-3103, CVE-2018-3104, CVE-2018-3105, CVE-2018-3108, CVE-2018-3109, CVE-2018-3639, CVE-2018-3640, CVE-2018-7489, CVE-2018-8013, CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122, CVE-2018-1000300, CVE-2018-1000
Suggested action
CCIRC recommends that system administrators identify their affected assets and potential interdependencies with their organization’s critical services, and follow their patch management process accordingly.
References
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html