Oracle Critical Patch updates

Number: AV18-012
Date: 17 January 2018

Purpose

The purpose of this advisory is to bring attention to the quarterly updates released for Oracle products.

Assessment

Oracle has issued a Critical Patch Update which provides multiple new security fixes across multiple Oracle products and versions.

Affected Product Versions:

  • Agile Material and Equipment Management for Pharmaceuticals, versions 9.3.3, 9.3.4   
  • Application Express, versions prior to 5.1.4.00.08
  • Converged Commerce, version 16.0.1
  • Hyperion BI+, version 11.1.2.4
  • Hyperion Data Relationship Management, version 11.1.2.4.330
  • Integrated Lights Out Manager (ILOM), versions 3.x, 4.x   
  • Java Advanced Management Console, version 2.8         
  • Java ME SDK, version 8.3         
  • JD Edwards EnterpriseOne Tools, version 9.2   
  • MICROS Handheld Terminal, versions prior to BSP 02.13.0701 (070116)
  • MICROS Relate CRM Software, versions 10.8.x, 11.4.x, 15.0.x  
  • MICROS Retail XBRi Loss Prevention, versions 10.0.1, 10.5.0, 10.6.0, 10.7.0, 10.8.0, 10.8.1
  • MySQL Connectors, versions 5.3.9 and prior, 6.9.9 and prior, 6.10.4 and prior    
  • MySQL Enterprise Monitor, versions 3.3.6.3293 and prior, 3.4.4.4226 and prior, 4.0.0.5135 and prior         
  • MySQL Server, versions 5.5.58 and prior, 5.6.38 and prior, 5.7.20 and prior         
  • Oracle Access Manager, versions 10.1.4.3.0, 11.1.2.3.0
  • Oracle Agile Engineering Data Management, versions 6.1.3, 6.2.0, 6.2.1
  • Oracle Agile PLM, versions 9.3.3, 9.3.4, 9.3.5, 9.3.6      
  • Oracle Agile PLM MCAD Connector, versions 3.3, 3.4, 3.5, 3.6  
  • Oracle Argus Safety, versions 7.x, 8.0.x, 8.1     
  • Oracle Autovue for Agile Product Lifecycle Management, versions 21.0.0, 21.0.1   
  • Oracle Banking Corporate Lending, versions 12.3.0, 12.4.0        
  • Oracle Banking Payments, versions 12.3.0, 12.4.0         
  • Oracle Business Intelligence Enterprise Edition, versions 11.1.1.7.0, 11.1.1.9.0, 12.2.1.2.0, 12.2.1.3.0         
  • Oracle Communications Application Session Controller, version 3.x        
  • Oracle Communications BRM - Elastic Charging Engine, version 7.5        
  • Oracle Communications Convergent Charging Controller, version 6.0    
  • Oracle Communications Network Charging and Control, version 6.0      
  • Oracle Communications Order and Service Management, versions 7.2.4.1.x, 7.2.4.2.x, 7.3.0.1.x, 7.3.0.x.x        
  • Oracle Communications Services Gatekeeper, versions 5.1, 6.0
  • Oracle Communications Unified Inventory Management, versions 7.2.4.2.x, 7.3
  • Oracle Communications User Data Repository, versions 10.x, 12.x         
  • Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.2.0.1    
  • Oracle Directory Server Enterprise Edition, version 11.1.1.7.0   
  • Oracle E-Business Suite, versions 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7      
  • Oracle Endeca Information Discovery Integrator, versions 3.1.0, 3.2.0  
  • Oracle Financial Services Analytical Applications Infrastructure, versions 7.3.5.x, 8.0.x    
  • Oracle Financial Services Analytical Applications Reconciliation Framework, version 8.0.x   
  • Oracle Financial Services Asset Liability Management, versions 6.1.x, 8.0.x
  • Oracle Financial Services Balance Sheet Planning, version 8.0.x 
  • Oracle Financial Services Funds Transfer Pricing, versions 6.1.x, 8.0.x     
  • Oracle Financial Services Hedge Management and IFRS Valuations, version 8.0.x
  • Oracle Financial Services Liquidity Risk Management, version 8.0.x         
  • Oracle Financial Services Loan Loss Forecasting and Provisioning, version 8.0.x  
  • Oracle Financial Services Market Risk, version 8.0.x      
  • Oracle Financial Services Market Risk Measurement and Management, version 8.0.5      
  • Oracle Financial Services Price Creation and Discovery, version 8.0.5     
  • Oracle Financial Services Profitability Management, versions 6.1.x, 8.0.x   
  • Oracle FLEXCUBE Direct Banking, versions 12.0.2, 12.0.3 
  • Oracle FLEXCUBE Universal Banking, versions 11.3.0, 11.4.0, 11.5.0, 11.6.0, 11.7.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0, 12.4.0   
  • Oracle Fusion Applications, versions 11.1.2 through 11.1.9        
  • Oracle Fusion Middleware, versions 11.1.1.7, 11.1.1.9, 11.1.2.3, 12.1.3.0, 12.2.1.2, 12.2.1.3       
  • Oracle Health Sciences Empirica Inspections, version 1.0.1.1     
  • Oracle Health Sciences Empirica Signal, version 8.0.1.0
  • Oracle Hospitality Cruise Dining Room Management, version 8.0.78      
  • Oracle Hospitality Cruise Fleet Management, version 9.0.4.0     
  • Oracle Hospitality Cruise Shipboard Property Management System, version 7.3.874         
  • Oracle Hospitality Guest Access, versions 4.2.0, 4.2.1   
  • Oracle Hospitality Labor Management, versions 8.5.1, 9.0.0      
  • Oracle Hospitality Reporting and Analytics, versions 8.5.1, 9.0.0
  • Oracle Hospitality Simphony, versions 2.7, 2.8, 2.9        
  • Oracle HTTP Server, versions 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0, 12.2.1.3.0    
  • Oracle Hyperion Planning, version 11.1.2.4.007
  • Oracle Identity Manager, version 11.1.2.3.0     
  • Oracle Identity Manager Connector, versions 9.0.4.20.6, 9.0.4.21.0, 9.0.4.25.4 
  • Oracle Internet Directory, versions 11.1.1.7.0, 11.1.1.9.0, 12.2.1.3.0     
  • Oracle iPlanet Web Server, version 7.0
  • Oracle Java SE, versions 6u171, 7u161, 8u152, 9.0.1
  • Oracle Java SE Embedded, version 8u151
  • Oracle JDeveloper, versions 11.1.1.2.4, 11.1.1.7.0, 11.1.1.7.1, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, 12.2.1.2.0      
  • Oracle JRockit, version R28.3.16
  • Oracle Mobile Security Suite, version 3.0.1       
  • Oracle Retail Assortment Planning, versions 14.1.3, 15.0.3, 16.0.1
  • Oracle Retail Convenience and Fuel POS Software, version 2.1.132         
  • Oracle Retail Customer Management and Segmentation Foundation, versions 10.8.x, 11.4.x, 15.0.x, 16.0.x   
  • Oracle Retail Fiscal Management, version 14.1
  • Oracle Retail Merchandising System, version 16.0         
  • Oracle Retail Workforce Management, versions 1.60.7, 1.64.0 
  • Oracle Secure Global Desktop (SGD), version 5.3  
  • Oracle Transportation Management, versions 6.2.11, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.4.1, 6.4.2, 6.4.3       
  • Oracle Tuxedo System and Applications Monitor, version 12.1.3.0.0       
  • Oracle VM VirtualBox, versions prior to 5.1.32, prior to 5.2.6    
  • Oracle WebCenter Content, versions 11.1.1.9.0, 12.2.1.2.0, 12.2.1.3.0 
  • Oracle WebCenter Portal, versions 11.1.1.9.0, 12.2.1.2.0, 12.2.1.3.0     
  • Oracle WebCenter Sites, version 11.1.1.8.0      
  • Oracle WebLogic Server, versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.2.0, 12.2.1.3.0 
  • Oracle X86 Servers, versions SW 1.x, SW 2.x     
  • OSS Support Tools, versions prior to 2.11.33    
  • PeopleSoft Enterprise FIN Supply Chain Portal Pack Argentina, version 9.1 
  • PeopleSoft Enterprise FIN Supply Chain Portal Pack Brazil, version 9.1    
  • PeopleSoft Enterprise FSCM, version 9.2 
  • PeopleSoft Enterprise HCM Human Resources, versions 9.1, 9.2
  • PeopleSoft Enterprise PeopleTools, versions 8.54, 8.55, 8.56    
  • PeopleSoft Enterprise PRTL Interaction Hub, version 9.1.00       
  • PeopleSoft Enterprise SCM eProcurement, versions 9.1, 9.2      
  • PeopleSoft Enterprise SCM Purchasing, version 9.2       
  • Primavera Unifier, versions 10.x, 15.x, 16.x, 17.x 
  • Siebel Applications, versions 16.0, 17.0
  • Solaris, versions 10, 11.3         
  • Sun ZFS Storage Appliance Kit (AK), versions prior to 8.7.13        

CVE References: CVE-2013-2566, CVE-2014-0114, CVE-2014-7817, CVE-2014-9402, CVE-2015-0293, CVE-2015-1472, CVE-2015-2808, CVE-2015-3195, CVE-2015-3253, CVE-2015-4852, CVE-2015-7501, CVE-2015-7547, CVE-2015-7940, CVE-2016-0635, CVE-2016-0703, CVE-2016-0704, CVE-2016-0800, CVE-2016-1181, CVE-2016-1182, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2109, CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-2183, CVE-2016-2518, CVE-2016-2550, CVE-2016-4449, CVE-2016-5385, CVE-2016-5387, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6305, CVE-2016-6306, CVE-2016-6307, CVE-2016-6308, CVE-2016-6309, CVE-2016-6814, CVE-2016-7052, CVE-2016-7055, CVE-2016-7977, CVE-2016-8735, CVE-2016-9878, CVE-2017-0781, CVE-2017-0782, CVE-2017-0783, CVE-2017-0785, CVE-2017-3730, CVE-2017-3731, CVE-2017-3732, CVE-2017-3733, CVE-2017-3735, CVE-2017-3736, CVE-2017-3737, CVE-2017-3738, CVE-2017-5461, CVE-2017-5645, CVE-2017-5664, CVE-2017-5715, CVE-2017-9072, CVE-2017-9798, CVE-2017-10068, CVE-2017-10262, CVE-2017-10273, CVE-2017-10282, CVE-2017-10301, CVE-2017-10352, CVE-2017-12617, CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2018-2560, CVE-2018-2561, CVE-2018-2562, CVE-2018-2564, CVE-2018-2565, CVE-2018-2566, CVE-2018-2567, CVE-2018-2568, CVE-2018-2569, CVE-2018-2570, CVE-2018-2571, CVE-2018-2573, CVE-2018-2574, CVE-2018-2575, CVE-2018-2576, CVE-2018-2577, CVE-2018-2578, CVE-2018-2579, CVE-2018-2580, CVE-2018-2581, CVE-2018-2582, CVE-2018-2583, CVE-2018-2584, CVE-2018-2585, CVE-2018-2586, CVE-2018-2588, CVE-2018-2589, CVE-2018-2590, CVE-2018-2591, CVE-2018-2592, CVE-2018-2593, CVE-2018-2594, CVE-2018-2595, CVE-2018-2596, CVE-2018-2597, CVE-2018-2599, CVE-2018-2600, CVE-2018-2601, CVE-2018-2602, CVE-2018-2603, CVE-2018-2604, CVE-2018-2605, CVE-2018-2606, CVE-2018-2607, CVE-2018-2608, CVE-2018-2609, CVE-2018-2610, CVE-2018-2611, CVE-2018-2612, CVE-2018-2613, CVE-2018-2614, 
CVE-2018-2615, CVE-2018-2616, CVE-2018-2617, CVE-2018-2618, CVE-2018-2619, CVE-2018-2620, CVE-2018-2621, CVE-2018-2622, CVE-2018-2623, CVE-2018-2624, CVE-2018-2625, CVE-2018-2626, CVE-2018-2627, CVE-2018-2629, CVE-2018-2630, CVE-2018-2631, CVE-2018-2632, CVE-2018-2633, CVE-2018-2634, CVE-2018-2635, CVE-2018-2636, CVE-2018-2637, CVE-2018-2638, CVE-2018-2639, CVE-2018-2640, CVE-2018-2641, CVE-2018-2642, CVE-2018-2643, CVE-2018-2644, CVE-2018-2645, CVE-2018-2646, CVE-2018-2647, CVE-2018-2648, CVE-2018-2649, CVE-2018-2650, CVE-2018-2651, CVE-2018-2652, CVE-2018-2653, CVE-2018-2654, CVE-2018-2655, CVE-2018-2656, CVE-2018-2657, CVE-2018-2658, CVE-2018-2659, CVE-2018-2660, CVE-2018-2661, CVE-2018-2662, CVE-2018-2663, CVE-2018-2664, CVE-2018-2665, CVE-2018-2666, CVE-2018-2667, CVE-2018-2668, CVE-2018-2669, CVE-2018-2670, CVE-2018-2671, CVE-2018-2672, CVE-2018-2673, CVE-2018-2674, CVE-2018-2675, CVE-2018-2676, CVE-2018-2677, CVE-2018-2678, CVE-2018-2679, CVE-2018-2680, CVE-2018-2681, CVE-2018-2682, CVE-2018-2683, CVE-2018-2684, CVE-2018-2685, CVE-2018-2686, CVE-2018-2687, CVE-2018-2688, CVE-2018-2689, CVE-2018-2690, CVE-2018-2691, CVE-2018-2692, CVE-2018-2693, CVE-2018-2694, CVE-2018-2695, CVE-2018-2696, CVE-2018-2697, CVE-2018-2698, CVE-2018-2699, CVE-2018-2700, CVE-2018-2701, CVE-2018-2702, CVE-2018-2703, CVE-2018-2704, CVE-2018-2705, CVE-2018-2706, CVE-2018-2707, CVE-2018-2708, CVE-2018-2709, CVE-2018-2710, CVE-2018-2711, CVE-2018-2712, CVE-2018-2713, CVE-2018-2714, CVE-2018-2715, CVE-2018-2716, CVE-2018-2717, CVE-2018-2719, CVE-2018-2720, CVE-2018-2721, CVE-2018-2722, CVE-2018-2723, CVE-2018-2724, CVE-2018-2725, CVE-2018-2726, CVE-2018-2727, CVE-2018-2728, CVE-2018-2729, CVE-2018-2730, CVE-2018-2731, CVE-2018-2732, CVE-2018-2733

Suggested Action

CCIRC recommends that system administrators identify their affected assets and potential interdependencies with their organization’s critical services, and follow their patch management process accordingly.

References:

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
