Oracle Critical Patch update Advisory – July 2017

Number: AV17-105
Date: 18 July 2017

Purpose

The purpose of this advisory is to bring attention to the following critical patch updates released for Oracle.

Assessment

Oracle has issued a Critical Patch Update (CPU) which addresses 308 new security fixes across multiple Oracle products and versions.

Products affected:

  • Application Management Pack for Oracle E-Business Suite, versions AMP 12.1.0.4.0, AMP 13.1.1.1.0
  • Enterprise Manager Base Platform, versions 12.1.0, 13.1.0, 13.2.0
  • Enterprise Manager Ops Center, versions 12.2.2, 12.3.2
  • Financial Services Behavior Detection Platform, versions 8.0.1, 8.0.2
  • Hospitality Hotel Mobile, versions 1.01, 1.05, 1.1
  • Hospitality Property Interfaces, version 8.10.x
  • Hospitality Suite8, version 8.10.x
  • Hospitality WebSuite8 Cloud Service, versions 8.9.6, 8.10.x
  • Hyperion Essbase, version 12.2.1.1
  • Java Advanced Management Console, version 2.6
  • MICROS BellaVita, version 2.7.x
  • MICROS PC Workstation 2015, versions Prior to O1302h
  • MICROS Workstation 650, versions Prior to E1500n
  • MySQL Cluster, versions 7.3.5 and prior
  • MySQL Connectors, versions 5.3.7 and prior, 6.1.10 and prior
  • MySQL Enterprise Monitor, versions 3.1.5.7958 and prior, 3.2.5.1141 and prior, 3.2.7.1204 and prior, 3.3.2.1162 and prior, 3.3.3.1199 and prior
  • MySQL Server, versions 5.5.56 and prior, 5.6.36 and prior, 5.7.18 and prior
  • Oracle Agile PLM, versions 9.3.5, 9.3.6
  • Oracle API Gateway, version 11.1.2.4.0
  • Oracle Application Testing Suite, versions 12.5.0.2, 12.5.0.3
  • Oracle Banking Platform, versions 2.3, 2.4, 2.4.1, 2.5
  • Oracle BI Publisher, versions 11.1.1.7.0, 11.1.1.9.0, 12.2.1.1.0, 12.2.1.2.0
  • Oracle Business Intelligence Enterprise Edition, versions 11.1.1.9.0, 12.2.1.1.0, 12.2.1.2.0
  • Oracle Business Transaction Management, versions 11.1.x, 12.1.x
  • Oracle Commerce Guided Search / Oracle Commerce Experience Manager, versions 6.1.4, 11.0, 11.1, 11.2
  • Oracle Communications BRM, versions 11.2.0.0.0, 11.3.0.0.0
  • Oracle Communications Convergence, versions 3.0, 3.0.1
  • Oracle Communications EAGLE LNP Application Processor, version 10.0
  • Oracle Communications Network Charging and Control, versions 4.4.1.5, 5.0.0.1, 5.0.0.2, 5.0.1.0, 5.0.2.0
  • Oracle Communications Policy Management, version 11.5
  • Oracle Communications Session Router, versions ECZ730, SCZ730, SCZ740
  • Oracle Configuration Manager, versions prior to 12.1.2.0.4
  • Oracle Data Integrator, versions 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.0.0
  • Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.2.0.1
  • Oracle E-Business Suite, versions 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6
  • Oracle Endeca Server, versions 7.3.0.0, 7.4.0.0, 7.5.0.0, 7.5.1.0, 7.6.0.0, 7.6.1.0, 7.7.0.0
  • Oracle Enterprise Communications Broker, version PCZ210
  • Oracle Enterprise Data Quality, version 8.1.13.0.0
  • Oracle Enterprise Repository, versions 11.1.1.7.0, 12.1.3.0.0
  • Oracle Enterprise Session Border Controller, version ECZ7.3.0
  • Oracle Explorer, versions prior to 8.16
  • Oracle FLEXCUBE Direct Banking, versions 12.0.2, 12.0.3
  • Oracle FLEXCUBE Private Banking, versions 2.0.0, 2.0.1, 2.2.0, 12.0.1
  • Oracle FLEXCUBE Universal Banking, versions 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0
  • Oracle Fusion Applications, versions 11.1.2 through 11.1.9
  • Oracle Fusion Middleware, versions 11.1.1.7, 11.1.1.9, 11.1.2.2, 11.1.2.3, 12.1.3.0, 12.2.1.1, 12.2.1.2
  • Oracle Hospitality 9700, version 4.0
  • Oracle Hospitality Cruise AffairWhere, version 2.2.05.062
  • Oracle Hospitality Cruise Dining Room Management, version 8.0.75
  • Oracle Hospitality Cruise Fleet Management, version 9.0
  • Oracle Hospitality Cruise Materials Management, version 7.30.562
  • Oracle Hospitality Cruise Shipboard Property Management System, version 8.0.0.0
  • Oracle Hospitality e7, version 4.2.1
  • Oracle Hospitality Guest Access, versions 4.2.0.0, 4.2.1.0
  • Oracle Hospitality Inventory Management, versions 8.5.1, 9.0.0
  • Oracle Hospitality Materials Control, version 8.31.4, 8.32.0
  • Oracle Hospitality OPERA 5 Property Services, versions 5.4.0.x, 5.4.1.x, 5.4.3.x
  • Oracle Hospitality Reporting and Analytics, versions 8.5.1, 9.0.0
  • Oracle Hospitality RES 3700, version 5.5
  • Oracle Hospitality Simphony First Edition Venue Management, version 3.9
  • Oracle Hospitality Simphony First Edition, version 1.7.1
  • Oracle Hospitality Simphony, versions 2.8, 2.9
  • Oracle Hospitality Suites Management, version 3.7
  • Oracle iLearning, version 6.2
  • Oracle Java SE Embedded, version 8u131
  • Oracle Java SE, versions 6u151, 7u141, 8u131
  • Oracle JRockit, version R28.3.14
  • Oracle OpenSSO, version 3.0.0.8
  • Oracle Outside In Technology, version 8.5.3.0
  • Oracle Payment Interface, version 6.1.1
  • Oracle Policy Automation, versions 12.1.0, 12.1.1, 12.2.0, 12.2.1, 12.2.2, 12.2.3
  • Oracle REST Data Services, versions prior to 3.0.10.25.02.36
  • Oracle Retail Allocation, versions 13.3.1, 14.0.4, 14.1.3, 15.0.1, 16.0.1
  • Oracle Retail Customer Insights, versions 15.0, 16.0
  • Oracle Retail Open Commerce Platform, versions 5.0, 5.1, 5.2, 5.3, 6.0, 6.1, 15.0, 15.1
  • Oracle Retail Warehouse Management System, versions 14.0.4, 14.1.3, 15.0.1
  • Oracle Retail Workforce Management, versions 1.60.7, 1.64.0
  • Oracle Retail Xstore Point of Service, versions 6.0.x, 6.5.x, 7.0.x, 7.1.x, 15.0.x, 16.0.0
  • Oracle Secure Enterprise Search, version 11.2.2.2.0
  • Oracle Service Bus, version 11.1.1.9.0
  • Oracle Traffic Director, versions 11.1.1.7.0, 11.1.1.9.0
  • Oracle Transportation Management, versions 6.1, 6.2, 6.3.4.1, 6.3.5.1, 6.3.6.1, 6.3.7.1, 6.4.0, 6.4.1, 6.4.2
  • Oracle Tuxedo System and Applications Monitor, versions 11.1.1.2.0, 11.1.1.2.1, 11.1.1.2.2, 12.1.1.1.0, 12.1.3.0.0, 12.2.2.0.0
  • Oracle Tuxedo, version 12.1.1
  • Oracle VM VirtualBox, versions prior to 5.1.24
  • Oracle WebCenter Content, versions 11.1.1.9.0, 12.2.1.1.0, 12.2.1.2.0
  • Oracle WebLogic Server, versions 10.3.6.0, 12.1.3.0, 12.2.1.1, 12.2.1.2
  • PeopleSoft Enterprise FSCM, version 9.2
  • PeopleSoft Enterprise PeopleTools, versions 8.54, 8.55
  • PeopleSoft Enterprise PRTL Interaction Hub, version 9.1.0
  • Primavera Gateway, versions 1.0, 1.1, 14.2, 15.1, 15.2, 16.1, 16.2
  • Primavera P6 Enterprise Project Portfolio Management, versions 8.3, 8.4, 15.1, 15.2, 16.1, 16.2
  • Primavera Unifier, versions 9.13, 9.14, 10.1, 10.2, 15.1, 15.2, 16.1, 16.2
  • Siebel Applications, versions 16.0, 17.0
  • Solaris Cluster, version 4
  • Solaris, versions 10, 11
  • Sun ZFS Storage Appliance Kit (AK), version AK 2013

CVE References:
CVE-2013-2027, CVE-2014-0224, CVE-2014-1912, CVE-2014-3566, CVE-2014-3571, CVE-2015-0235, CVE-2015-0254, CVE-2015-0286, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-3195, CVE-2015-3197, CVE-2015-3253, CVE-2015-5254, CVE-2015-7501, CVE-2015-7940, CVE-2015-8607, CVE-2015-8608, CVE-2016-0635, CVE-2016-1181, CVE-2016-1950, CVE-2016-1979, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-2183, CVE-2016-2381, CVE-2016-2834, CVE-2016-3092, CVE-2016-3506, CVE-2016-4430, CVE-2016-4431, CVE-2016-4433, CVE-2016-4436, CVE-2016-4438, CVE-2016-4465, CVE-2016-5019, CVE-2016-5385, CVE-2016-5386, CVE-2016-5387, CVE-2016-5388, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6305, CVE-2016-6306, CVE-2016-6307, CVE-2016-6308, CVE-2016-6309, CVE-2016-6814, CVE-2016-7052, CVE-2016-7055, CVE-2017-3529, CVE-2017-3562, CVE-2017-3632, CVE-2017-3633, CVE-2017-3634, CVE-2017-3635, CVE-2017-3636, CVE-2017-3637, CVE-2017-3638, CVE-2017-3639, CVE-2017-3640, CVE-2017-3641, CVE-2017-3642, CVE-2017-3643, CVE-2017-3644, CVE-2017-3645, CVE-2017-3646, CVE-2017-3647, CVE-2017-3648, CVE-2017-3649, CVE-2017-3650, CVE-2017-3651, CVE-2017-3652, CVE-2017-3653, CVE-2017-3731, CVE-2017-3732, CVE-2017-5638, CVE-2017-5647, CVE-2017-5650, CVE-2017-5651, CVE-2017-5689, CVE-2017-10000, CVE-2017-10001, CVE-2017-10002, CVE-2017-10003, CVE-2017-10004, CVE-2017-10005, CVE-2017-10006, CVE-2017-10007, CVE-2017-10008, CVE-2017-10009, CVE-2017-10010, CVE-2017-10011, CVE-2017-10012, CVE-2017-10013, CVE-2017-10015, CVE-2017-10016, CVE-2017-10017, CVE-2017-10018, CVE-2017-10019, CVE-2017-10020, CVE-2017-10021, CVE-2017-10022, CVE-2017-10023, CVE-2017-10024, CVE-2017-10025, CVE-2017-10027, CVE-2017-10028, CVE-2017-10029, CVE-2017-10030, CVE-2017-10031, CVE-2017-10032, CVE-2017-10035, CVE-2017-10036, CVE-2017-10038, CVE-2017-10039, CVE-2017-10040, CVE-2017-10041, CVE-2017-10042, CVE-2017-10043, CVE-2017-10044, CVE-2017-10045, CVE-2017-10046, CVE-2017-10047, CVE-2017-10048, CVE-2017-10049, CVE-2017-10052, CVE-2017-10053, CVE-2017-10056, CVE-2017-10057, CVE-2017-10058, CVE-2017-10059, CVE-2017-10061, CVE-2017-10062, CVE-2017-10063, CVE-2017-10064, CVE-2017-10067, CVE-2017-10069, CVE-2017-10070, CVE-2017-10071, CVE-2017-10072, CVE-2017-10073, CVE-2017-10074, CVE-2017-10075, CVE-2017-10076, CVE-2017-10078, CVE-2017-10079, CVE-2017-10080, CVE-2017-10081, CVE-2017-10082, CVE-2017-10083, CVE-2017-10084, CVE-2017-10085, CVE-2017-10086, CVE-2017-10087, CVE-2017-10088, CVE-2017-10089, CVE-2017-10090, CVE-2017-10091, CVE-2017-10092, CVE-2017-10093, CVE-2017-10094, CVE-2017-10095, CVE-2017-10096, CVE-2017-10097, CVE-2017-10098, CVE-2017-10100, CVE-2017-10101, CVE-2017-10102, CVE-2017-10103, CVE-2017-10104, CVE-2017-10105, CVE-2017-10106, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10111, CVE-2017-10112, CVE-2017-10113, CVE-2017-10114, CVE-2017-10115, CVE-2017-10116, CVE-2017-10117, CVE-2017-10118, CVE-2017-10119, CVE-2017-10120, CVE-2017-10121, CVE-2017-10122, CVE-2017-10123, CVE-2017-10125, CVE-2017-10126, CVE-2017-10128, CVE-2017-10129, CVE-2017-10130, CVE-2017-10131, CVE-2017-10132, CVE-2017-10133, CVE-2017-10134, CVE-2017-10135, CVE-2017-10136, CVE-2017-10137, CVE-2017-10141, CVE-2017-10142, CVE-2017-10143, CVE-2017-10144, CVE-2017-10145, CVE-2017-10146, CVE-2017-10147, CVE-2017-10148, CVE-2017-10149, CVE-2017-10150, CVE-2017-10156, CVE-2017-10157, CVE-2017-10160, CVE-2017-10168, CVE-2017-10169, CVE-2017-10170, CVE-2017-10171, CVE-2017-10172, CVE-2017-10173, CVE-2017-10174, CVE-2017-10175, CVE-2017-10176, CVE-2017-10177, CVE-2017-10178, CVE-2017-10179, CVE-2017-10180, CVE-2017-10181, CVE-2017-10182, CVE-2017-10183, CVE-2017-10184, CVE-2017-10185, CVE-2017-10186, CVE-2017-10187, CVE-2017-10188, CVE-2017-10189, CVE-2017-10191, CVE-2017-10192, CVE-2017-10193, CVE-2017-10195, CVE-2017-10196, CVE-2017-10198, CVE-2017-10199, CVE-2017-10200, CVE-2017-10201, CVE-2017-10202, CVE-2017-10204, CVE-2017-10205, CVE-2017-10206, CVE-2017-10207, CVE-2017-10208, CVE-2017-10209, CVE-2017-10210, CVE-2017-10211, CVE-2017-10212, CVE-2017-10213, CVE-2017-10214, CVE-2017-10215, CVE-2017-10216, CVE-2017-10217, CVE-2017-10218, CVE-2017-10219, CVE-2017-10220, CVE-2017-10221, CVE-2017-10222, CVE-2017-10223, CVE-2017-10224, CVE-2017-10225, CVE-2017-10226, CVE-2017-10228, CVE-2017-10229, CVE-2017-10230, CVE-2017-10231, CVE-2017-10232, CVE-2017-10233, CVE-2017-10234, CVE-2017-10235, CVE-2017-10236, CVE-2017-10237, CVE-2017-10238, CVE-2017-10239, CVE-2017-10240, CVE-2017-10241, CVE-2017-10242, CVE-2017-10243, CVE-2017-10244, CVE-2017-10245, CVE-2017-10246, CVE-2017-10247, CVE-2017-10248, CVE-2017-10249, CVE-2017-10250, CVE-2017-10251, CVE-2017-10252, CVE-2017-10253, CVE-2017-10254, CVE-2017-10255, CVE-2017-10256, CVE-2017-10257, CVE-2017-10258

Suggested action

CCIRC recommends that system administrators identify their affected assets and potential interdependencies with their organization's critical services, and follow their patch management process accordingly.

References

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

Date modified: