Oracle Critical Patch Updates for April 2014

Oracle has released April 2014 critical Patch Updates addressing serious flaws and vulnerabilities that have been identified. ” Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory” (Oracle, 2014). The patches address  104 security vulnerabilities consisting of Fusion Middleware, Hyperion, Oracle Database, Supply Chain Product Suite,  Siebel CRM, Java SE, and Sun Microsystems Products Suite, including Oracle Linux and Virtualization, iLearning , People-soft Enterprise and Oracle MySQL (Summerised in table 1 below). Due to the serious security lapses caused  by threats and vulnerabilities oracle recommends applying the patches as soon as possible . This Critical Patch Update contains 104 new security fixes across the product families listed below.

“Among the patches that should be prioritized are two bugs in Oracle’s database products. The more severe of these two issues could lead to a full compromise of impacted Windows systems, though exploitation would require that an attacker authenticate him or herself. Other platforms like Linux and Solaris are less affected because the database does not extend into the underlying operating system there”( Threatpost , 2014). Also fixing five vulnerabilities affecting Oracle Linux and Virtualization products. To find out more Click here to visit Oracle site

Affected Products and Versions Patch Availability
Oracle Database 11g Release 1, version 11.1.0.7 Database
Oracle Database 11g Release 2, versions 11.2.0.3, 11.2.0.4 Database
Oracle Database 12c Release 1, version 12.1.0.1 Database
Oracle Fusion Middleware 11g Release 1, versions 11.1.1.7, 11.1.1.8 Fusion Middleware
Oracle Fusion Middleware 12c Release 1, versions 12.1.1.0, 12.1.2.0 Fusion Middleware
Oracle Fusion Applications, versions 11.1.2 through 11.1.8 Fusion Applications
Oracle Access Manager, versions 10.1.4.3, 11.1.1.3.0, 11.1.1.5.0, 11.1.1.7.0, 11.1.2.0.0, 11.1.2.1.0, 11.1.2.2.0 Fusion Middleware
Oracle Containers for J2EE, version 10.1.3.5 Fusion Middleware
Oracle Data Integrator, version 11.1.1.3.0 Fusion Middleware
Oracle Endeca Server, version 2.2.2 Fusion Middleware
Oracle Event Processing, version 11.1.1.7.0 Fusion Middleware
Oracle Identity Analytics, version 11.1.1.5, Sun Role Manager, version 5.0 Fusion Middleware
Oracle OpenSSO, version 8.0 Update 2 Patch 5 Fusion Middleware
Oracle OpenSSO Policy Agent, version 3.0-03 Fusion Middleware
Oracle WebCenter Portal, versions 11.1.1.7, 11.1.1.8 Fusion Middleware
Oracle WebLogic Server, versions 10.0.2.0, 10.3.6.0, 12.1.1.0, 12.1.2.0 Fusion Middleware
Oracle Hyperion Common Admin, versions 11.1.2.2, 11.1.2.3 Fusion Middleware
Oracle E-Business Suite Release 11i, 12i E-Business Suite
Oracle Agile PLM Framework, versions 9.3.1.1, 9.3.3.0 Oracle Supply Chain
Oracle Agile Product Lifecycle Management for Process, versions 6.0.0.7, 6.1.1.3 Oracle Supply Chain
Oracle Transportation Management, versions 6.3, 6.3.4 Oracle Supply Chain
Oracle PeopleSoft Enterprise CS Campus Self Service, version 9.0 PeopleSoft
Oracle PeopleSoft Enterprise HRMS Talent Acquisition Manager, versions 8.52, 8.53 PeopleSoft
Oracle PeopleSoft Enterprise PT Tools, versions 8.52, 8.53 PeopleSoft
Oracle Siebel UI Framework, versions 8.1.1, 8.2.2 Siebel
Oracle iLearning, versions 6.0, 6.1 iLearning
Oracle JavaFX, version 2.2.51 Oracle Java SE
Oracle Java SE, versions 5.0u61, 6u71, 7u51, 8 Oracle Java SE
Oracle Java SE Embedded, version 7u51 Oracle Java SE
Oracle JRockit, versions R27.8.1, R28.3.1 Oracle Java SE
Oracle Solaris, versions 9, 10, 11.1 Oracle and Sun Systems Products Suite
Oracle Secure Global Desktop, versions 4.63, 4.71, 5.0, 5.1 Oracle Linux and Virtualization
Oracle VM VirtualBox, versions prior to 3.2.22, 4.0.24, 4.1.32, 4.2.24, 4.3.10 Oracle Linux and Virtualization
Oracle MySQL Server, versions 5.5, 5.6 Oracle MySQL Product Suite

Table 1: Affected Products and Versions, Source: Oracle Corporation

 

 

References

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s