Number: AV16-065
Date: 19 April 2016
Purpose
The purpose of this advisory is to bring attention to the following critical patch updates released for Oracle products.
Assessment
Oracle has issued a Critical Patch Update (CPU) that contains 136 new security fixes across multiple Oracle products and versions.
Products affected:
- Fujitsu M10-1, M10-4, M10-4S Servers, version(s) prior to XCP 2290
- JD Edwards EnterpriseOne Tools, version(s) 9.1, 9.2
- MySQL Enterprise Monitor, version(s) 3.0.25 and prior, 3.1.2 and prior
- MySQL Server, version(s) 5.5.48 and prior, 5.6.29 and prior, 5.7.11 and prior
- Oracle Agile Engineering Data Management, version(s) 6.1.3.0, 6.2.0.0
- Oracle Agile PLM, version(s) 9.3.1.1, 9.3.1.2, 9.3.2, 9.3.3
- Oracle API Gateway, version(s) 11.1.2.3.0, 11.1.2.4.0
- Oracle Application Testing Suite, version(s) 12.4.0.2, 12.5.0.2
- Oracle Berkeley DB, version(s) 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, 12.1.6.1.26
- Oracle BI Publisher, version(s) 12.2.1.0.0
- Oracle Business Intelligence Enterprise Edition, version(s) 11.1.1.7.0, 11.1.1.9.0, 12.2.1.0.0
- Oracle Communications User Data Repository, version(s) 10.0.1
- Oracle Complex Maintenance, Repair, and Overhaul, version(s) 11.5.10.2, 12.1.1, 12.1.2, 12.1.3
- Oracle Configurator, version(s) 12.0.6, 12.1, 12.2
- Oracle Database Server, version(s) 11.2.0.4, 12.1.0.1, 12.1.0.2
- Oracle E-Business Suite, version(s) 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5
- Oracle Ethernet Switch ES2-72, Oracle Ethernet Switch ES2-64, version(s) prior to 2.0.0.6
- Oracle Exalogic Infrastructure, version(s) 1.0, 2.0
- Oracle FLEXCUBE Direct Banking, version(s) 12.0.2, 12.0.3
- Oracle GlassFish Server, version(s) 2.1.1
- Oracle HTTP Server, version(s) 12.1.2.0, 12.1.3.0
- Oracle iPlanet Web Proxy Server, version(s) 4.0
- Oracle iPlanet Web Server, version(s) 7.0
- Oracle Java SE Embedded, version(s) 8u77
- Oracle Java SE, version(s) 6u113, 7u99, 8u77
- Oracle JRockit, version(s) R28.3.9
- Oracle Life Sciences Data Hub, version(s) 2.1
- Oracle OpenSSO, version(s) 3.0-0.7
- Oracle Outside In Technology, version(s) 8.5.0, 8.5.1, 8.5.2
- Oracle Retail MICROS ARS POS, version(s) 1.5
- Oracle Retail MICROS C2, version(s) 9.89.0.0
- Oracle Retail Xstore Point of Service, version(s) 5.0, 5.5, 6.0, 6.5, 7.0, 7.1
- Oracle Traffic Director, version(s) 11.1.1.7.0, 11.1.1.9.0
- Oracle Transportation Management, version(s) 6.1, 6.2
- Oracle Tuxedo, version(s) 12.1.1.0
- Oracle VM VirtualBox, version(s) prior to 4.3.36, prior to 5.0.18
- Oracle WebCenter Sites, version(s) 11.1.1.8.0, 12.2.1
- Oracle WebLogic Server, version(s) 10.3.6, 12.1.2, 12.1.3, 12.2.1
- OSS Support Tools Oracle Explorer, version(s) 10
- PeopleSoft Enterprise HCM ePerformance, version(s) 9.2
- PeopleSoft Enterprise HCM, version(s) 9.1, 9.2
- PeopleSoft Enterprise PeopleTools, version(s) 8, 8.53, 8.54, 8.55, 54
- PeopleSoft Enterprise SCM, version(s) 9.1, 9.2
- Siebel Applications, version(s) 8.1.1, 8.2.2
- Solaris Cluster, version(s) 4.2
- Solaris, version(s) 10, 11.3
- SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers, version(s) prior to XCP 1121
- Sun Ray Software, version(s) 11.1
- Sun Storage Common Array Manager, version(s) 6.9.0
Suggested Action
CCIRC recommends that system administrators identify their affected assets and potential interdependencies with their organization’s critical services, and follow their patch management process accordingly.
References:
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html