Number: AV17-105
Date: July 18, 2017
Purpose
The purpose of this advisory is to draw attention to the following critical update, which addresses Oracle products.
Assessment
Oracle has released a critical update containing 308 new security fixes affecting multiple Oracle products.
Affected products:
- Application Management Pack for Oracle E-Business Suite, versions AMP 12.1.0.4.0, AMP 13.1.1.1.0
- Enterprise Manager Base Platform, versions 12.1.0, 13.1.0, 13.2.0
- Enterprise Manager Ops Center, versions 12.2.2, 12.3.2
- Financial Services Behavior Detection Platform, versions 8.0.1, 8.0.2
- Hospitality Hotel Mobile, versions 1.01, 1.05, 1.1
- Hospitality Property Interfaces, version 8.10.x
- Hospitality Suite8, version 8.10.x
- Hospitality WebSuite8 Cloud Service, versions 8.9.6, 8.10.x
- Hyperion Essbase, version 12.2.1.1
- Java Advanced Management Console, version 2.6
- MICROS BellaVita, version 2.7.x
- MICROS PC Workstation 2015, versions prior to O1302h
- MICROS Workstation 650, versions prior to E1500n
- MySQL Cluster, versions 7.3.5 and prior
- MySQL Connectors, versions 5.3.7 and prior, 6.1.10 and prior
- MySQL Enterprise Monitor, versions 3.1.5.7958 and prior, 3.2.5.1141 and prior, 3.2.7.1204 and prior, 3.3.2.1162 and prior, 3.3.3.1199 and prior
- MySQL Server, versions 5.5.56 and prior, 5.6.36 and prior, 5.7.18 and prior
- Oracle Agile PLM, versions 9.3.5, 9.3.6
- Oracle API Gateway, version 11.1.2.4.0
- Oracle Application Testing Suite, versions 12.5.0.2, 12.5.0.3
- Oracle Banking Platform, versions 2.3, 2.4, 2.4.1, 2.5
- Oracle BI Publisher, versions 11.1.1.7.0, 11.1.1.9.0, 12.2.1.1.0, 12.2.1.2.0
- Oracle Business Intelligence Enterprise Edition, versions 11.1.1.9.0, 12.2.1.1.0, 12.2.1.2.0
- Oracle Business Transaction Management, versions 11.1.x, 12.1.x
- Oracle Commerce Guided Search / Oracle Commerce Experience Manager, versions 6.1.4, 11.0, 11.1, 11.2
- Oracle Communications BRM, versions 11.2.0.0.0, 11.3.0.0.0
- Oracle Communications Convergence, versions 3.0, 3.0.1
- Oracle Communications EAGLE LNP Application Processor, version 10.0
- Oracle Communications Network Charging and Control, versions 4.4.1.5, 5.0.0.1, 5.0.0.2, 5.0.1.0, 5.0.2.0
- Oracle Communications Policy Management, version 11.5
- Oracle Communications Session Router, versions ECZ730, SCZ730, SCZ740
- Oracle Configuration Manager, versions prior to 12.1.2.0.4
- Oracle Data Integrator, versions 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.0.0
- Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.2.0.1
- Oracle E-Business Suite, versions 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6
- Oracle Endeca Server, versions 7.3.0.0, 7.4.0.0, 7.5.0.0, 7.5.1.0, 7.6.0.0, 7.6.1.0, 7.7.0.0
- Oracle Enterprise Communications Broker, version PCZ210
- Oracle Enterprise Data Quality, version 8.1.13.0.0
- Oracle Enterprise Repository, versions 11.1.1.7.0, 12.1.3.0.0
- Oracle Enterprise Session Border Controller, version ECZ7.3.0
- Oracle Explorer, versions prior to 8.16
- Oracle FLEXCUBE Direct Banking, versions 12.0.2, 12.0.3
- Oracle FLEXCUBE Private Banking, versions 2.0.0, 2.0.1, 2.2.0, 12.0.1
- Oracle FLEXCUBE Universal Banking, versions 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0
- Oracle Fusion Applications, versions 11.1.2 through 11.1.9
- Oracle Fusion Middleware, versions 11.1.1.7, 11.1.1.9, 11.1.2.2, 11.1.2.3, 12.1.3.0, 12.2.1.1, 12.2.1.2
- Oracle Hospitality 9700, version 4.0
- Oracle Hospitality Cruise AffairWhere, version 2.2.05.062
- Oracle Hospitality Cruise Dining Room Management, version 8.0.75
- Oracle Hospitality Cruise Fleet Management, version 9.0
- Oracle Hospitality Cruise Materials Management, version 7.30.562
- Oracle Hospitality Cruise Shipboard Property Management System, version 8.0.0.0
- Oracle Hospitality e7, version 4.2.1
- Oracle Hospitality Guest Access, versions 4.2.0.0, 4.2.1.0
- Oracle Hospitality Inventory Management, versions 8.5.1, 9.0.0
- Oracle Hospitality Materials Control, versions 8.31.4, 8.32.0
- Oracle Hospitality OPERA 5 Property Services, versions 5.4.0.x, 5.4.1.x, 5.4.3.x
- Oracle Hospitality Reporting and Analytics, versions 8.5.1, 9.0.0
- Oracle Hospitality RES 3700, version 5.5
- Oracle Hospitality Simphony First Edition Venue Management, version 3.9
- Oracle Hospitality Simphony First Edition, version 1.7.1
- Oracle Hospitality Simphony, versions 2.8, 2.9
- Oracle Hospitality Suites Management, version 3.7
- Oracle iLearning, version 6.2
- Oracle Java SE Embedded, version 8u131
- Oracle Java SE, versions 6u151, 7u141, 8u131
- Oracle JRockit, version R28.3.14
- Oracle OpenSSO, version 3.0.0.8
- Oracle Outside In Technology, version 8.5.3.0
- Oracle Payment Interface, version 6.1.1
- Oracle Policy Automation, versions 12.1.0, 12.1.1, 12.2.0, 12.2.1, 12.2.2, 12.2.3
- Oracle REST Data Services, versions prior to 3.0.10.25.02.36
- Oracle Retail Allocation, versions 13.3.1, 14.0.4, 14.1.3, 15.0.1, 16.0.1
- Oracle Retail Customer Insights, versions 15.0, 16.0
- Oracle Retail Open Commerce Platform, versions 5.0, 5.1, 5.2, 5.3, 6.0, 6.1, 15.0, 15.1
- Oracle Retail Warehouse Management System, versions 14.0.4, 14.1.3, 15.0.1
- Oracle Retail Workforce Management, versions 1.60.7, 1.64.0
- Oracle Retail Xstore Point of Service, versions 6.0.x, 6.5.x, 7.0.x, 7.1.x, 15.0.x, 16.0.0
- Oracle Secure Enterprise Search, version 11.2.2.2.0
- Oracle Service Bus, version 11.1.1.9.0
- Oracle Traffic Director, versions 11.1.1.7.0, 11.1.1.9.0
- Oracle Transportation Management, versions 6.1, 6.2, 6.3.4.1, 6.3.5.1, 6.3.6.1, 6.3.7.1, 6.4.0, 6.4.1, 6.4.2
- Oracle Tuxedo System and Applications Monitor, versions 11.1.1.2.0, 11.1.1.2.1, 11.1.1.2.2, 12.1.1.1.0, 12.1.3.0.0, 12.2.2.0.0
- Oracle Tuxedo, version 12.1.1
- Oracle VM VirtualBox, versions prior to 5.1.24
- Oracle WebCenter Content, versions 11.1.1.9.0, 12.2.1.1.0, 12.2.1.2.0
- Oracle WebLogic Server, versions 10.3.6.0, 12.1.3.0, 12.2.1.1, 12.2.1.2
- PeopleSoft Enterprise FSCM, version 9.2
- PeopleSoft Enterprise PeopleTools, versions 8.54, 8.55
- PeopleSoft Enterprise PRTL Interaction Hub, version 9.1.0
- Primavera Gateway, versions 1.0, 1.1, 14.2, 15.1, 15.2, 16.1, 16.2
- Primavera P6 Enterprise Project Portfolio Management, versions 8.3, 8.4, 15.1, 15.2, 16.1, 16.2
- Primavera Unifier, versions 9.13, 9.14, 10.1, 10.2, 15.1, 15.2, 16.1, 16.2
- Siebel Applications, versions 16.0, 17.0
- Solaris Cluster, version 4
- Solaris, versions 10, 11
- Sun ZFS Storage Appliance Kit (AK), version AK 2013
CVE references:
CVE-2013-2027, CVE-2014-0224, CVE-2014-1912, CVE-2014-3566, CVE-2014-3571, CVE-2015-0235, CVE-2015-0254, CVE-2015-0286, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-3195, CVE-2015-3197, CVE-2015-3253, CVE-2015-5254, CVE-2015-7501, CVE-2015-7940, CVE-2015-8607, CVE-2015-8608, CVE-2016-0635, CVE-2016-1181, CVE-2016-1950, CVE-2016-1979, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-2183, CVE-2016-2381, CVE-2016-2834, CVE-2016-3092, CVE-2016-3506, CVE-2016-4430, CVE-2016-4431, CVE-2016-4433, CVE-2016-4436, CVE-2016-4438, CVE-2016-4465, CVE-2016-5019, CVE-2016-5385, CVE-2016-5386, CVE-2016-5387, CVE-2016-5388, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6305, CVE-2016-6306, CVE-2016-6307, CVE-2016-6308, CVE-2016-6309, CVE-2016-6814, CVE-2016-7052, CVE-2016-7055, CVE-2017-3529, CVE-2017-3562, CVE-2017-3632, CVE-2017-3633, CVE-2017-3634, CVE-2017-3635, CVE-2017-3636, CVE-2017-3637, CVE-2017-3638, CVE-2017-3639, CVE-2017-3640, CVE-2017-3641, CVE-2017-3642, CVE-2017-3643, CVE-2017-3644, CVE-2017-3645, CVE-2017-3646, CVE-2017-3647, CVE-2017-3648, CVE-2017-3649, CVE-2017-3650, CVE-2017-3651, CVE-2017-3652, CVE-2017-3653, CVE-2017-3731, CVE-2017-3732, CVE-2017-5638, CVE-2017-5647, CVE-2017-5650, CVE-2017-5651, CVE-2017-5689, CVE-2017-10000, CVE-2017-10001, CVE-2017-10002, CVE-2017-10003, CVE-2017-10004, CVE-2017-10005, CVE-2017-10006, CVE-2017-10007, CVE-2017-10008, CVE-2017-10009, CVE-2017-10010, CVE-2017-10011, CVE-2017-10012, CVE-2017-10013, CVE-2017-10015, CVE-2017-10016, CVE-2017-10017, CVE-2017-10018, CVE-2017-10019, CVE-2017-10020, CVE-2017-10021, CVE-2017-10022, CVE-2017-10023, CVE-2017-10024, CVE-2017-10025, CVE-2017-10027, CVE-2017-10028, CVE-2017-10029, CVE-2017-10030, CVE-2017-10031, CVE-2017-10032, CVE-2017-10035, CVE-2017-10036, CVE-2017-10038, CVE-2017-10039, CVE-2017-10040, 
CVE-2017-10041, CVE-2017-10042, CVE-2017-10043, CVE-2017-10044, CVE-2017-10045, CVE-2017-10046, CVE-2017-10047, CVE-2017-10048, CVE-2017-10049, CVE-2017-10052, CVE-2017-10053, CVE-2017-10056, CVE-2017-10057, CVE-2017-10058, CVE-2017-10059, CVE-2017-10061, CVE-2017-10062, CVE-2017-10063, CVE-2017-10064, CVE-2017-10067, CVE-2017-10069, CVE-2017-10070, CVE-2017-10071, CVE-2017-10072, CVE-2017-10073, CVE-2017-10074, CVE-2017-10075, CVE-2017-10076, CVE-2017-10078, CVE-2017-10079, CVE-2017-10080, CVE-2017-10081, CVE-2017-10082, CVE-2017-10083, CVE-2017-10084, CVE-2017-10085, CVE-2017-10086, CVE-2017-10087, CVE-2017-10088, CVE-2017-10089, CVE-2017-10090, CVE-2017-10091, CVE-2017-10092, CVE-2017-10093, CVE-2017-10094, CVE-2017-10095, CVE-2017-10096, CVE-2017-10097, CVE-2017-10098, CVE-2017-10100, CVE-2017-10101, CVE-2017-10102, CVE-2017-10103, CVE-2017-10104, CVE-2017-10105, CVE-2017-10106, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10111, CVE-2017-10112, CVE-2017-10113, CVE-2017-10114, CVE-2017-10115, CVE-2017-10116, CVE-2017-10117, CVE-2017-10118, CVE-2017-10119, CVE-2017-10120, CVE-2017-10121, CVE-2017-10122, CVE-2017-10123, CVE-2017-10125, CVE-2017-10126, CVE-2017-10128, CVE-2017-10129, CVE-2017-10130, CVE-2017-10131, CVE-2017-10132, CVE-2017-10133, CVE-2017-10134, CVE-2017-10135, CVE-2017-10136, CVE-2017-10137, CVE-2017-10141, CVE-2017-10142, CVE-2017-10143, CVE-2017-10144, CVE-2017-10145, CVE-2017-10146, CVE-2017-10147, CVE-2017-10148, CVE-2017-10149, CVE-2017-10150, CVE-2017-10156, CVE-2017-10157, CVE-2017-10160, CVE-2017-10168, CVE-2017-10169, CVE-2017-10170, CVE-2017-10171, CVE-2017-10172, CVE-2017-10173, CVE-2017-10174, CVE-2017-10175, CVE-2017-10176, CVE-2017-10177, CVE-2017-10178, CVE-2017-10179, CVE-2017-10180, CVE-2017-10181, CVE-2017-10182, CVE-2017-10183, CVE-2017-10184, CVE-2017-10185, CVE-2017-10186, CVE-2017-10187, CVE-2017-10188, CVE-2017-10189, CVE-2017-10191, CVE-2017-10192, CVE-2017-10193, CVE-2017-10195, CVE-2017-10196, 
CVE-2017-10198, CVE-2017-10199, CVE-2017-10200, CVE-2017-10201, CVE-2017-10202, CVE-2017-10204, CVE-2017-10205, CVE-2017-10206, CVE-2017-10207, CVE-2017-10208, CVE-2017-10209, CVE-2017-10210, CVE-2017-10211, CVE-2017-10212, CVE-2017-10213, CVE-2017-10214, CVE-2017-10215, CVE-2017-10216, CVE-2017-10217, CVE-2017-10218, CVE-2017-10219, CVE-2017-10220, CVE-2017-10221, CVE-2017-10222, CVE-2017-10223, CVE-2017-10224, CVE-2017-10225, CVE-2017-10226, CVE-2017-10228, CVE-2017-10229, CVE-2017-10230, CVE-2017-10231, CVE-2017-10232, CVE-2017-10233, CVE-2017-10234, CVE-2017-10235, CVE-2017-10236, CVE-2017-10237, CVE-2017-10238, CVE-2017-10239, CVE-2017-10240, CVE-2017-10241, CVE-2017-10242, CVE-2017-10243, CVE-2017-10244, CVE-2017-10245, CVE-2017-10246, CVE-2017-10247, CVE-2017-10248, CVE-2017-10249, CVE-2017-10250, CVE-2017-10251, CVE-2017-10252, CVE-2017-10253, CVE-2017-10254, CVE-2017-10255, CVE-2017-10256, CVE-2017-10257, CVE-2017-10258
Suggested action
The CCRIC (Canadian Cyber Incident Response Centre, CCIRC) recommends that system administrators identify the affected products and their possible interdependencies with the organization's essential services, and follow their patch management process accordingly.
References
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html (in English)