Sélection de la langue

Government of Canada / Gouvernement du Canada

Avis aux lectrices et aux lecteurs

Cette publication ne répond pas actuellement aux normes Web du gouvernement du Canada. Les informations restent valables.

Avis de mise à jour critique d’Oracle – avril 2017

Numéro : AV17-048
Date : Le 19 avril 2017

Objet

L’objet du présent avis est d’attirer l’attention sur les mises à jour critiques suivante, qui vise des produits d’Oracle.

Évaluation

Oracle a publié une mise à jour critique qui comporte 299 nouveaux correctifs de sécurité touchant de multiples produits d`Oracle.

Produits affectés :

  • Automatic Service Request (ASR), version(s) prior to 5.7
  • Enterprise Manager Base Platform, version(s) 12.1.0, 13.1.0, 13.2.0
  • JD Edwards EnterpriseOne Tools, version(s) 9.2
  • MICROS Lucas, version(s) 2.9.5.1, 2.9.5.2, 2.9.5.3, 2.9.5.4, 2.9.5.5
  • MICROS Relate CRM Software, version(s) 10.0, 10.5, 10.8, 11.0, 11.1, 11.4, 15.0
  • MICROS XBR, version(s) 10.0.1, 10.5.0, 10.6.0, 10.7.7, 10.8.0, 10.8.1
  • MICROS Xstore Payment, version(s) 5.5, 6.0, 6.5, 7.0, 7.1, 15.0, 16.0
  • MySQL Cluster, version(s) 7.2.27 and prior, 7.3.16 and prior, 7.4.14 and prior, 7.5.5 and prior
  • MySQL Connectors, version(s) 2.1.5 and prior, 5.1.41 and prior
  • MySQL Enterprise Backup, version(s) 3.12.3 and prior, 4.0.3 and prior
  • MySQL Enterprise Monitor, version(s) 3.1.6.8003 and prior, 3.2.1182 and prior, 3.3.2.1162 and prior
  • MySQL Server, version(s) 5.5.54 and prior, 5.6.35 and prior, 5.7.17 and prior, 5.7.11 to 5.7.17
  • MySQL Workbench, version(s) 6.3.8 and prior
  • Oracle Advanced Support Gateway, version(s) prior to 7.2
  • Oracle API Gateway, version(s) 11.1.2.4.0
  • Oracle Berkeley DB, version(s) prior to 6.2.32
  • Oracle Commerce Guided Search / Oracle Commerce Experience Manager, version(s) 6.1.4, 6.2.2, 6.3.0, 6.4.1.2, 6.5.0, 6.5.1, 6.5.2, 11.0, 11.1, 11.2
  • Oracle Communications ASAP, version(s) 7.0, 7.2, 7.3
  • Oracle Communications Network Integrity, version(s) 7.2.4, 7.3.0
  • Oracle Communications Policy Management, version(s) 12.2
  • Oracle Communications Security Gateway, version(s) 3.0.0
  • Oracle Communications Service Broker Engineered System Edition, version(s) 6.0, 6.1
  • Oracle Communications Session Border Controller, version(s) SCZ7.3.0, SCZ7.4.0
  • Oracle Database Server, version(s) 11.2.0.4, 12.1.0.2
  • Oracle E-Business Suite, version(s) 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6
  • Oracle Financial Services Analytical Applications Infrastructure, version(s) 7.3.3, 7.3.4, 7.3.5
  • Oracle Financial Services Asset Liability Management, version(s) 6.0.0, 6.1.0, 6.1.1, 8.0.1, 8.0.2, 8.0.3, 8.0.4
  • Oracle Financial Services Basel Regulatory Capital Basic, version(s) 6.1.2, 6.1.3, 8.0.2, 8.0.3
  • Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach, version(s) 6.1.2, 6.1.3, 8.0.2, 8.0.3
  • Oracle Financial Services Data Foundation, version(s) 8.0.1, 8.0.2, 8.0.3, 8.0.4
  • Oracle Financial Services Data Integration Hub, version(s) 8.0.1, 8.0.2, 8.0.3, 8.0.4
  • Oracle Financial Services Enterprise Financial Performance Analytics, version(s) 8.0.0 to 8.0.4
  • Oracle Financial Services Funds Transfer Pricing, version(s) 6.0.0, 6.1.0, 6.1.1, 8.0.1, 8.0.2, 8.0.3, 8.0.4
  • Oracle Financial Services Hedge Management and IFRS Valuations, version(s) 6.1.1, 8.0.1, 8.0.2, 8.0.3, 8.0.4
  • Oracle Financial Services Institutional Performance Analytics, version(s) 8.0.0 to 8.0.4
  • Oracle Financial Services Liquidity Risk Management, version(s) 8.0.1, 8.0.2, 8.0.4
  • Oracle Financial Services Loan Loss Forecasting and Provisioning, version(s) 1.5.0, 1.5.1, 8.0.1, 8.0.2, 8.0.3, 8.0.4
  • Oracle Financial Services Pricing Management/Transfer Pricing Component, version(s) 8.0.0 to 8.0.4
  • Oracle Financial Services Profitability Management, version(s) 6.0.0, 6.1.0, 6.1.1, 8.0.1, 8.0.2, 8.0.3, 8.0.4
  • Oracle Financial Services Reconciliation Framework, version(s) 8.0.0, 8.0.1, 8.0.2
  • Oracle Financial Services Retail Customer Analytics, version(s) 8.0.0 to 8.0.3
  • Oracle Financial Services Retail Performance Analytics, version(s) 8.0.0 to 8.0.4
  • Oracle FLEXCUBE Direct Banking, version(s) 12.0.2, 12.0.3
  • Oracle FLEXCUBE Enterprise Limits and Collateral Management, version(s) 12.0.0, 12.0.1, 12.1.0
  • Oracle FLEXCUBE Investor Servicing, version(s) 12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.1.0, 12.2.0, 12.3.0
  • Oracle FLEXCUBE Private Banking, version(s) 2.0.0, 2.0.1, 2.2.0.1, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0
  • Oracle FLEXCUBE Universal Banking, version(s) 11.3.0, 11.4.0, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0
  • Oracle Fusion Applications, version(s) 11.1.2 through 11.1.9
  • Oracle Fusion Middleware MapViewer, version(s) 11.1.1.9, 12.2.1.1, 12.2.1.2
  • Oracle Fusion Middleware, version(s) 11.1.1.7, 11.1.1.9, 11.1.2.2, 11.1.2.3, 12.1.3.0, 12.2.1.0, 12.2.1.1
  • Oracle GlassFish Server, version(s) 3.1.2
  • Oracle Healthcare Master Person Index, version(s) 3.0.0.x and 4.0.1.x, prior to and 2.0.1.x
  • Oracle Hospitality OPERA 5 Property Services, version(s) 5.4.0.x, 5.4.1.x, 5.4.2.x, 5.4.3.x, 5.5.0.x, 5.5.1.x
  • Oracle Hyperion Essbase, version(s) 11.1.2.2
  • Oracle Identity Manager, version(s) 11.1.2.3.0
  • Oracle Insurance Data Foundation, version(s) 8.0.1, 8.0.2, 8.0.3, 8.0.4
  • Oracle Insurance Istream, version(s) 4.3.2 and prior
  • Oracle Java SE Embedded, version(s) 8u121
  • Oracle Java SE, version(s) 6u141, 7u131, 8u121
  • Oracle JRockit, version(s) R28.3.13
  • Oracle Real-Time Scheduler, version(s) 2.2.0.3.13, 2.3.0.0, 2.3.0.1
  • Oracle Retail Advanced Inventory Planning, version(s) 14.1, 15.0
  • Oracle Retail Advanced Science Engine, version(s) 14.1
  • Oracle Retail Analytic Parameter Calculator - RO, version(s) 15.0
  • Oracle Retail Analytics, version(s) 14.0, 14.1, 15.0, 16.0
  • Oracle Retail Assortment Planning, version(s) 14.1.3, 15.0.1, 16.0.0
  • Oracle Retail Back Office, version(s) 14.1
  • Oracle Retail Category Management Planning & Optimization, version(s) 15.0
  • Oracle Retail Category Management, version(s) 13.2, 13.3, 14.0, 14.1
  • Oracle Retail Customer Insights, version(s) 15.0
  • Oracle Retail Customer Management and Segmentation Foundation, version(s) 15.0
  • Oracle Retail Demand Forecasting, version(s) 14.1.3, 15.0.2
  • Oracle Retail Invoice Matching, version(s) 12.0, 13.0, 13.1, 13.2, 14.0, 14.1
  • Oracle Retail Item Planning, version(s) 14.1.3, 15.0.2
  • Oracle Retail Macro Space Optimization, version(s) 15.0.2
  • Oracle Retail Merchandise Financial Planning, version(s) 14.1.3, 15.0.2
  • Oracle Retail Merchandising Insights, version(s) 15.0
  • Oracle Retail Open Commerce Platform, version(s) 4.0, 5.0, 5.1, 5.3, 6.0, 6.1, 15.0, 16.0
  • Oracle Retail Order Broker, version(s) 5.1, 5.2, 15.0, 16.0
  • Oracle Retail Point-of-Service, version(s) 14.1.3
  • Oracle Retail Predictive Application Server, version(s) 13.1, 13.2, 13.3, 13.3.3, 13.4, 13.4.3, 14.0, 14.0.3, 14.1, 14.1.3, 15.0, 15.0.2, 16.0.0
  • Oracle Retail Regular Price Optimization, version(s) 14.1.3, 15.0.2
  • Oracle Retail Replenishment Optimization, version(s) 14.1.3, 15.0.2
  • Oracle Retail Returns Management, version(s) 14.1
  • Oracle Retail Size Profile Optimization, version(s) 14.1.3, 15.0.2
  • Oracle Retail Store Inventory, version(s) 14.1, 15.0, 16.0
  • Oracle Retail Warehouse Management System, version(s) 13.2, 14.0, 15.0
  • Oracle Retail XBRi Loss Prevention, version(s) 10.0.1, 10.5.0, 10.6.0, 10.7.0, 10.8.0, 10.8.1
  • Oracle Retail Xstore Point of Service, version(s) 5.5, 6.0, 6.5, 7.0, 7.1, 15.0, 16.0
  • Oracle Secure Backup, version(s) prior to 12.1.0.3.0
  • Oracle Service Bus, version(s) 12.1.3.0.0, 12.2.1.0.0, 12.2.1.1.0, 12.2.1.2.0
  • Oracle Social Network, version(s) prior to 11.1.12.0.0 (17019101)
  • Oracle SuperCluster Specific Software, version(s) 2.3.8, 2.3.13
  • Oracle Trace File Analyzer (TFA), version(s) prior to 12.1.2.8.4
  • Oracle Transportation Manager, version(s) 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.4.0, 6.4.1, 6.4.2
  • Oracle Utilities Customer Self Service, version(s) 2.1.0.2.0
  • Oracle Utilities Framework, version(s) 2.2.0.0.0, 4.1.0.1.0, 4.1.0.2.0, 4.2.0.1.0, 4.2.0.2.0, 4.2.0.3.0, 4.3.0.1.0, 4.3.0.2.0, 4.3.0.3.0
  • Oracle Utilities Work and Asset Management, version(s) 1.9.1.2.11
  • Oracle VM VirtualBox, version(s) prior to 5.0.38, prior to 5.1.20
  • Oracle WebCenter Content, version(s) 11.1.1.7, 11.1.1.9, 12.2.1.0, 12.2.1.1, 12.2.1.2
  • Oracle WebCenter Sites, version(s) 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0, 12.2.1.2.0
  • Oracle WebLogic Server, version(s) 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1, 12.2.1.2
  • OSS Support Tools, version(s) prior to RDA 8.15.17.3.14
  • PeopleSoft Enterprise CS Campus Community, version(s) 9.2
  • PeopleSoft Enterprise FIN Receivables, version(s) 9.2
  • PeopleSoft Enterprise FSCM, version(s) 9.1
  • PeopleSoft Enterprise PeopleTools, version(s) 8.54, 8.55
  • PeopleSoft Enterprise SCM eBill Payment, version(s) 9.2
  • PeopleSoft Enterprise SCM eSupplier Connection, version(s) 9.2
  • PeopleSoft Enterprise SCM Purchasing, version(s) 9.2
  • PeopleSoft Enterprise SCM Service Procurement, version(s) 9.2
  • PeopleSoft Enterprise SCM Strategic Sourcing, version(s) 9.2
  • Primavera Gateway, version(s) 1.0, 1.1, 14.2, 15.1, 15.2, 16.1, 16.2
  • Primavera P6 Enterprise Project Portfolio Management, version(s) 8.3, 8.4, 15.1, 15.2, 16.1, 16.2
  • Primavera Unifier, version(s) 9.13, 9.14, 10.0, 10.1, 15.1, 15.2
  • Secure Global Desktop, version(s) 4.71, 5.2, 5.3
  • Siebel Applications, version(s) 6.1, 6.2, 7.0, 7.1
  • Solaris Cluster, version(s) 4.3
  • Solaris, version(s) 10, 11.3
  • StorageTek Tape Analytics SW Tool, version(s) prior to 2.2.1
  • Sun ZFS Storage Appliance Kit (AK), version(s) AK 2013

Références CVE:

CVE-2004-2761, CVE-2012-0920, CVE-2012-1007, CVE-2012-5881, CVE-2012-5882, CVE-2012-5883, CVE-2013-1982, CVE-2013-1983, CVE-2013-1984, CVE-2013-1985, CVE-2013-1986, CVE-2013-1987, CVE-2013-1995, CVE-2013-1998, CVE-2013-2002, CVE-2013-2003, CVE-2013-2005, CVE-2013-2566, CVE-2013-5209, CVE-2014-0114, CVE-2014-3571, CVE-2014-3596, CVE-2015-0204, CVE-2015-0286, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-3195, CVE-2015-3236, CVE-2015-3237, CVE-2015-4852, CVE-2015-5252, CVE-2015-5351, CVE-2015-7501, CVE-2015-7940, CVE-2016-0635, CVE-2016-0706, CVE-2016-0714, CVE-2016-0729, CVE-2016-0762, CVE-2016-0763, CVE-2016-1181, CVE-2016-1182, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2109, CVE-2016-2176, CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-2183, CVE-2016-2510, CVE-2016-3092, CVE-2016-3504, CVE-2016-3506, CVE-2016-3607, CVE-2016-3674, CVE-2016-3739, CVE-2016-4430, CVE-2016-4431, CVE-2016-4433, CVE-2016-4436, CVE-2016-4802, CVE-2016-5018, CVE-2016-5019, CVE-2016-5407, CVE-2016-5419, CVE-2016-5420, CVE-2016-5421, CVE-2016-5551, CVE-2016-6288, CVE-2016-6289, CVE-2016-6290, CVE-2016-6291, CVE-2016-6292, CVE-2016-6294, CVE-2016-6295, CVE-2016-6296, CVE-2016-6297, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6305, CVE-2016-6306, CVE-2016-6307, CVE-2016-6308, CVE-2016-6309, CVE-2016-6794, CVE-2016-6796, CVE-2016-6797, CVE-2016-6816, CVE-2016-6817, CVE-2016-7052, CVE-2016-7055, CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8620, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-8625, CVE-2016-8735, CVE-2016-8743, CVE-2017-3230, CVE-2017-3232, CVE-2017-3233, CVE-2017-3234, CVE-2017-3237, CVE-2017-3254, CVE-2017-3288, CVE-2017-3302, CVE-2017-3304, CVE-2017-3305, CVE-2017-3306, CVE-2017-3307, CVE-2017-3308, CVE-2017-3309, CVE-2017-3329, CVE-2017-3331, CVE-2017-3337, CVE-2017-3342, CVE-2017-3345, CVE-2017-3347, CVE-2017-3355, CVE-2017-3356, CVE-2017-3393, CVE-2017-3432, CVE-2017-3434, CVE-2017-3450, CVE-2017-3451, CVE-2017-3452, CVE-2017-3453, CVE-2017-3454, CVE-2017-3455, CVE-2017-3456, CVE-2017-3457, CVE-2017-3458, CVE-2017-3459, CVE-2017-3460, CVE-2017-3461, CVE-2017-3462, CVE-2017-3463, CVE-2017-3464, CVE-2017-3465, CVE-2017-3467, CVE-2017-3468, CVE-2017-3469, CVE-2017-3470, CVE-2017-3471, CVE-2017-3472, CVE-2017-3473, CVE-2017-3474, CVE-2017-3475, CVE-2017-3476, CVE-2017-3477, CVE-2017-3478, CVE-2017-3479, CVE-2017-3480, CVE-2017-3481, CVE-2017-3482, CVE-2017-3483, CVE-2017-3484, CVE-2017-3485, CVE-2017-3486, CVE-2017-3487, CVE-2017-3488, CVE-2017-3489, CVE-2017-3490, CVE-2017-3491, CVE-2017-3492, CVE-2017-3493, CVE-2017-3494, CVE-2017-3495, CVE-2017-3496, CVE-2017-3497, CVE-2017-3498, CVE-2017-3499, CVE-2017-3500, CVE-2017-3501, CVE-2017-3502, CVE-2017-3503, CVE-2017-3504, CVE-2017-3505, CVE-2017-3506, CVE-2017-3507, CVE-2017-3508, CVE-2017-3509, CVE-2017-3510, CVE-2017-3511, CVE-2017-3512, CVE-2017-3513, CVE-2017-3514, CVE-2017-3515, CVE-2017-3516, CVE-2017-3517, CVE-2017-3518, CVE-2017-3519, CVE-2017-3520, CVE-2017-3521, CVE-2017-3522, CVE-2017-3524, CVE-2017-3525, CVE-2017-3526, CVE-2017-3527, CVE-2017-3528, CVE-2017-3530, CVE-2017-3531, CVE-2017-3532, CVE-2017-3533, CVE-2017-3534, CVE-2017-3535, CVE-2017-3536, CVE-2017-3537, CVE-2017-3538, CVE-2017-3539, CVE-2017-3540, CVE-2017-3541, CVE-2017-3542, CVE-2017-3543, CVE-2017-3544, CVE-2017-3545, CVE-2017-3546, CVE-2017-3547, CVE-2017-3548, CVE-2017-3549, CVE-2017-3550, CVE-2017-3551, CVE-2017-3552, CVE-2017-3553, CVE-2017-3554, CVE-2017-3555, CVE-2017-3556, CVE-2017-3557, CVE-2017-3558, CVE-2017-3559, CVE-2017-3560, CVE-2017-3561, CVE-2017-3563, CVE-2017-3564, CVE-2017-3565, CVE-2017-3567, CVE-2017-3568, CVE-2017-3569, CVE-2017-3570, CVE-2017-3571, CVE-2017-3572, CVE-2017-3573, CVE-2017-3574, CVE-2017-3575, CVE-2017-3576, CVE-2017-3577, CVE-2017-3578, CVE-2017-3579, CVE-2017-3580, CVE-2017-3581, CVE-2017-3582, CVE-2017-3583, CVE-2017-3584, CVE-2017-3585, CVE-2017-3586, CVE-2017-3587, CVE-2017-3589, CVE-2017-3590, CVE-2017-3591, CVE-2017-3592, CVE-2017-3593, CVE-2017-3594, CVE-2017-3595, CVE-2017-3596, CVE-2017-3597, CVE-2017-3598, CVE-2017-3599, CVE-2017-3600, CVE-2017-3601, CVE-2017-3602, CVE-2017-3603, CVE-2017-3604, CVE-2017-3605, CVE-2017-3606, CVE-2017-3607, CVE-2017-3608, CVE-2017-3609, CVE-2017-3610, CVE-2017-3611, CVE-2017-3612, CVE-2017-3613, CVE-2017-3614, CVE-2017-3615, CVE-2017-3616, CVE-2017-3617, CVE-2017-3618, CVE-2017-3619, CVE-2017-3620, CVE-2017-3621, CVE-2017-3622, CVE-2017-3623, CVE-2017-3625, CVE-2017-3626, CVE-2017-3730, CVE-2017-3731, CVE-2017-3732, CVE-2017-5638

Mesures Recommandées

Le CCRIC recommande que les administrateurs des systèmes déterminent les produits touchés et leur possible interdépendance avec les services essentiels de l’organisme et suivent leur processus de gestion des correctifs en conséquence.

Références :

http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html (en Anglais)

Date de modification :