Number: AV16-011
Date: 19 January 2016
Purpose
The purpose of this advisory is to bring attention to the following critical patch updates released for Oracle products.
Assessment
Oracle has issued a Critical Patch Update (CPU) which contains 248 new security fixes across multiple Oracle products and versions.
Products affected:
- Application Mgmt Pack for E-Business Suite, version(s) 12.1, 12.2
- Enterprise Manager Base Platform, version(s) 11.1.0.1, 11.2.0.4, 12.1.0.4, 12.1.0.5
- Enterprise Manager Ops Center, version(s) prior to 12.1.4, 12.2.0, 12.2.1, 12.3.0
- JD Edwards EnterpriseOne Tools, version(s) 9.1, 9.2
- MICROS CWDirect, version(s) 12.5, 13.0, 14.0, 15.0, 16.0, 17.0, 18.0
- MySQL Server, version(s) 5.5.46 and prior, 5.6.27 and prior, 5.7.9
- Oracle Agile Engineering Data Management, version(s) 6.1.2.2, 6.1.3.0, 6.2.0.0
- Oracle Agile PLM, version(s) 9.3.1.1, 9.3.1.2, 9.3.2, 9.3.3
- Oracle Application Testing Suite, version(s) 12.4.0.2, 12.5.0.2
- Oracle BI Publisher, version(s) 11.1.1.7.0, 11.1.1.9.0, 12.2.1.0.0
- Oracle Business Intelligence Enterprise Edition, version(s) 11.1.1.7.0, 11.1.1.9.0
- Oracle Communications Converged Application Server Service Controller, version(s) 6.1
- Oracle Communications EAGLE LNP Application Processor, version(s) 10.0
- Oracle Communications Online Mediation Controller, version(s) 6.1
- Oracle Communications Service Broker Engineered System Edition, version(s) 6.0
- Oracle Communications Service Broker, version(s) 6.0, 6.1
- Oracle Configurator, version(s) 11.5.10.2, 12.1, 12.2
- Oracle Database Server, version(s) 11.2.0.4, 12.1.0.1, 12.1.0.2
- Oracle E-Business Suite, version(s) 11.5.10.2, 12.1, 12.1.1, 12.1.2, 12.1.3, 12.2, 12.2.3, 12.2.4, 12.2.5
- Oracle Endeca Server, version(s) 7.3.0.0, 7.4.0.0, 7.5.0.0, 7.6.0.0
- Oracle Fusion Applications, version(s) 11.1.2 through 11.1.10
- Oracle Fusion Middleware, version(s) 10.1.3.5, 11.1.1.7, 11.1.1.8, 11.1.1.9, 11.1.2.2, 11.1.2.3, 12.1.2.0, 12.1.3.0, 12.2.1
- Oracle GlassFish Server, version(s) 3.1.2
- Oracle GoldenGate, version(s) 11.2, 12.1.2
- Oracle Identity Federation, version(s) 11.1.1.7, 11.1.2.2
- Oracle iLearning, version(s) 6.0, 6.1
- Oracle Java SE Embedded, version(s) 8u65
- Oracle Java SE, version(s) 6u105, 7u91, 8u66
- Oracle JRockit, version(s) R28.3.8
- Oracle Outside In Technology, version(s) 8.5.0, 8.5.1, 8.5.2
- Oracle Retail Open Commerce Platform Cloud Service, version(s) 3.5, 4.5, 4.7, 5.0
- Oracle Retail Order Broker Cloud Service, version(s) 4.0, 4.1
- Oracle Retail Order Management System Cloud Service, version(s) 3.5, 4.5, 4.7, 5.0, 15.0
- Oracle Retail Point-of-Service, version(s) 13.4, 14.0, 14.1
- Oracle Secure Global Desktop, version(s) 4.63, 4.71, 5.2
- Oracle Switch ES1-24, version(s) prior to 1.3.1.13
- Oracle Tuxedo, version(s) 12.1.1.0
- Oracle VM VirtualBox, version(s) prior to 4.0.36, prior to 4.1.44, prior to 4.2.36, prior to 4.3.36, prior to 5.0.14
- Oracle Web Cache, version(s) 11.1.1.7.0, 11.1.1.9.0
- Oracle WebCenter Sites, version(s) 7.6.2, 11.1.1.8.0
- Oracle WebLogic Portal, version(s) 10.3.6
- Oracle WebLogic Server, version(s) 10.3.6, 12.1.2, 12.1.3, 12.2.1
- PeopleSoft Enterprise HCM Global Payroll Switzerland, version(s) 9.1, 9.2
- PeopleSoft Enterprise PeopleTools, version(s) 8.53, 8.54, 8.55
- PeopleSoft Enterprise SCM eProcurement, version(s) 9.1, 9.2
- PeopleSoft Enterprise SCM Order Management, version(s) 9.1, 9.2
- PeopleSoft Enterprise SCM Purchasing, version(s) 9.1, 9.2
- Solaris Cluster, version(s) 3.3, 4, 4.2
- Solaris, version(s) 10, 11
- Sun Blade 6000 Ethernet Switched NEM 24P 10GE, version(s) prior to 1.2.2.13
- Sun Network 10GE Switch 72p, version(s) prior to 1.2.2.15
Suggested Action
CCIRC recommends that system administrators identify their affected assets and potential interdependencies with their organization’s critical services, and follow their patch management process accordingly.
References:
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html