Oracle critical security patch


Oracle has released 276 security updates as part of the quarterly patch release cycle. The Oracle Critical Patch Update – July 2016 provides fixes for: Database Server, WebLogic, Application Express, E-Business Suite, Java SE, MySQL Server, PeopleSoft Enterprise, Retail Applications Suite, Fusion Applications, Hyperion, Enterprise Manager Grid Control, Supply Chain Products Suite, JD Edwards Products, Siebel CRM Executive, Communications Applications, Financial Services Applications, Health Sciences Applications, Insurance Applications, Utilities Applications, Virtualization, Sun Systems Products Suite, Primavera Products Suite and Policy Automation.

The CPUJul2016 advisory addresses:

  • Nine (9) security vulnerabilities for the Oracle Database Server, of which five (5) vulnerabilities may be remotely exploitable without authentication.

  • Forty (40) security vulnerabilities for Oracle Fusion Middleware, of which thirty-five (35) vulnerabilities may be remotely exploitable without authentication.

  • Twenty-three (23) security vulnerabilities for the Oracle E-Business Suite, of which twenty-one (21) vulnerabilities may be remotely exploitable without authentication.

  • Twenty-five (25) security vulnerabilities for the Oracle Supply Chain Products Suite, of which thirteen (13) vulnerabilities may be remotely exploitable without authentication.

  • Twenty-two (22) security vulnerabilities for Oracle MySQL, of which three (3) vulnerabilities may be remotely exploitable without authentication.

  • Four (4) security vulnerabilities for Oracle Virtualization, of which three (3) vulnerabilities may be remotely exploitable without authentication.

  • Thirty-four (34) security vulnerabilities for the Oracle Sun Systems Products Suite, of which twenty-one (21) may be remotely exploitable without authentication.

  • Fifteen (15) security vulnerabilities for the Oracle Primavera Products Suite, of which eight (8) may be remotely exploitable without authentication.

  • Thirteen (13) security vulnerabilities for Oracle Java SE, of which nine (9) may be remotely exploitable without authentication.

Detailed list of affected products and components:

| Affected Products and Versions | Patch Availability |
|---|---|
| Application Express, version(s) prior to 5.0.4 | Database |
| Oracle Database Server, version(s) 11.2.0.4, 12.1.0.1, 12.1.0.2 | Database |
| Oracle Access Manager, version(s) 10.1.4.x, 11.1.1.7 | Fusion Middleware |
| Oracle BI Publisher, version(s) 11.1.1.7.0, 11.1.1.9.0, 12.2.1.0.0 | Fusion Middleware |
| Oracle Business Intelligence Enterprise Edition, version(s) 11.1.1.7.0, 11.1.1.9.0, 11.2.1.0.0 | Fusion Middleware |
| Oracle Directory Server Enterprise Edition, version(s) 7.0, 11.1.1.7.0 | Fusion Middleware |
| Oracle Exalogic Infrastructure, version(s) 1.x, 2.x | Fusion Middleware |
| Oracle Fusion Middleware, version(s) 11.1.1.7, 11.1.1.8, 11.1.1.9, 11.1.2.2, 11.1.2.3, 12.1.3.0, 12.2.1.0 | Fusion Middleware |
| Oracle GlassFish Server, version(s) 2.1.1, 3.0.1, 3.1.2 | Fusion Middleware |
| Oracle HTTP Server, version(s) 11.1.1.9, 12.1.3.0 | Fusion Middleware |
| Oracle JDeveloper, version(s) 11.1.1.7.0, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, 12.2.1.0.0 | Fusion Middleware |
| Oracle Portal, version(s) 11.1.1.6 | Fusion Middleware |
| Oracle TopLink, version(s) 12.1.3.0, 12.2.1.0, 12.2.1.1 | Fusion Middleware |
| Oracle WebCenter Sites, version(s) 11.1.1.8, 12.2.1.0 | Fusion Middleware |
| Oracle WebLogic Server, version(s) 10.3.6.0, 12.1.3.0, 12.2.1.0 | Fusion Middleware |
| Outside In Technology, version(s) 8.5.0, 8.5.1, 8.5.2 | Fusion Middleware |
| Hyperion Financial Reporting, version(s) 11.1.2.4 | Fusion Middleware |
| Enterprise Manager Base Platform, version(s) 12.1.0.5, 13.1.0.0 | Enterprise Manager |
| Enterprise Manager for Fusion Middleware, version(s) 11.1.1.7, 11.1.1.9 | Enterprise Manager |
| Enterprise Manager Ops Center, version(s) 12.1.4, 12.2.2, 12.3.2 | Enterprise Manager |
| Oracle E-Business Suite, version(s) 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 | E-Business Suite |
| Oracle Agile Engineering Data Management, version(s) 6.1.3.0, 6.2.0.0 | Oracle Supply Chain Products |
| Oracle Agile PLM, version(s) 9.3.4, 9.3.5 | Oracle Supply Chain Products |
| Oracle Demand Planning, version(s) 12.1, 12.2 | Oracle Supply Chain Products |
| Oracle Transportation Management, version(s) 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.4.0, 6.4.1 | Oracle Supply Chain Products |
| PeopleSoft Enterprise FSCM, version(s) 9.1, 9.2 | PeopleSoft |
| PeopleSoft Enterprise PeopleTools, version(s) 8.53, 8.54, 8.55 | PeopleSoft |
| JD Edwards EnterpriseOne Tools, version(s) 9.2.0.5 | JD Edwards |
| Oracle Knowledge, version(s) 8.5.x | Oracle Knowledge |
| Siebel Applications, version(s) 8.1.1, 8.2.2, IP2014, IP2015, IP2016 | Siebel |
| Oracle Fusion Applications, version(s) 11.1.2 through 11.1.10 | Fusion Applications |
| Oracle Communications ASAP, version(s) 7.0, 7.2, 7.3 | Oracle Communications ASAP |
| Oracle Communications Core Session Manager, version(s) 7.2.5, 7.3.5 | Oracle Communications Core Session Manager |
| Oracle Communications EAGLE Application Processor, version(s) 16.0 | Oracle Communications EAGLE Application Processor |
| Oracle Communications Messaging Server, version(s) 6.3, 7.0, 8.0, Prior to 7.0.5.37.0 and 8.0.1.1.0 | Oracle Communications Messaging Server |
| Oracle Communications Network Charging and Control, version(s) 4.4.1.5.0, 5.0.0.1.0, 5.0.0.2.0, 5.0.1.0.0, 5.0.2.0.0 | Oracle Communications Network Charging and Control |
| Oracle Communications Operations Monitor, version(s) prior to 3.3.92.0.0 | Oracle Communications Operations Monitor |
| Oracle Communications Policy Management, version(s) prior to 9.9.2 | Oracle Communications Policy Management |
| Oracle Communications Session Border Controller, version(s) 7.2.0, 7.3.0 | Oracle Communications Session Border Controller |
| Oracle Communications Unified Session Manager, version(s) 7.2.5, 7.3.5 | Oracle Communications Unified Session Manager |
| Oracle Enterprise Communications Broker, version(s) Prior to PCz 2.0.0m4p1 | Oracle Enterprise Communications Broker |
| Oracle Banking Platform, version(s) 2.3.0, 2.4.0, 2.4.1, 2.5.0 | Oracle Banking Platform |
| Oracle Financial Services Lending and Leasing, version(s) 14.1, 14.2 | Oracle Financial Services Applications |
| Oracle FLEXCUBE Direct Banking, version(s) 12.0.1, 12.0.2, 12.0.3 | Oracle Financial Services Applications |
| Oracle Health Sciences Clinical Development Center, version(s) 3.1.1.x, 3.1.2.x | Health Sciences |
| Oracle Health Sciences Information Manager, version(s) 1.2.8.3, 2.0.2.3, 3.0.1.0 | Health Sciences |
| Oracle Healthcare Analytics Data Integration, version(s) 3.1.0.0.0 | Health Sciences |
| Oracle Healthcare Master Person Index, version(s) 2.0.12, 3.0.0, 4.0.1 | Health Sciences |
| Oracle Documaker, version(s) prior to 12.5 | Oracle Insurance Applications |
| Oracle Insurance Calculation Engine, version(s) 9.7.1, 10.1.2, 10.2.2 | Oracle Insurance Applications |
| Oracle Insurance Policy Administration J2EE, version(s) 9.6.1, 9.7.1, 10.0.1, 10.1.2, 10.2.0, 10.2.2 | Oracle Insurance Applications |
| Oracle Insurance Rules Palette, version(s) 9.6.1, 9.7.1, 10.0.1, 10.1.2, 10.2.0, 10.2.2 | Oracle Insurance Applications |
| MICROS Retail XBRi Loss Prevention, version(s) 10.0.1, 10.5.0, 10.6.0, 10.7.0, 10.8.0, 10.8.1 | Retail XBRi |
| Oracle Retail Central, Back Office, Returns Management, version(s) 13.1, 13.2, 13.3, 13.4, 14.0, 14.1, 12.0 13.0 | Retail Point-of-Service |
| Oracle Retail Integration Bus, version(s) 13.0, 13.1, 13.2, 14.0, 14.1, 15.0 | Retail Integration Bus |
| Oracle Retail Order Broker, version(s) 4.1, 5.1, 5.2, 15.0 | Retail Order Broker |
| Oracle Retail Service Backbone, version(s) 13.0, 13.1, 13.2, 14.0, 14.1, 15.0 | Retail Service Backbone |
| Oracle Retail Store Inventory Management, version(s) 12.0, 13.0, 13.1, 13.2, 14.0, 14.1 | Retail Store Inventory Management |
| Oracle Utilities Framework, version(s) 2.2.0.0.0, 4.1.0.1.0, 4.1.0.2.0, 4.2.0.1.0, 4.2.0.2.0, 4.2.0.3.0, 4.3.0.1.0, 4.3.0.2.0 | Oracle Utilities Applications |
| Oracle Utilities Network Management System, version(s) 1.10.0.6.27, 1.11.0.4.41, 1.11.0.5.4, 1.12.0.1.16, 1.12.0.2.12, 1.12.0.3.5 | Oracle Utilities Applications |
| Oracle Utilities Work and Asset Management, version(s) 1.9.1.2.8 | Oracle Utilities Applications |
| Oracle In-Memory Policy Analytics, version(s) 12.0.1 | Oracle Policy Automation |
| Oracle Policy Automation, version(s) 10.3.0, 10.3.1, 10.4.0, 10.4.1, 10.4.2, 10.4.3, 10.4.4, 10.4.5, 10.4.6, 12.1.0, 12.1.1 | Oracle Policy Automation |
| Oracle Policy Automation Connector for Siebel, version(s) 10.3.0, 10.4.0, 10.4.1, 10.4.2, 10.4.3, 10.4.4, 10.4.5, 10.4.6 | Oracle Policy Automation |
| Oracle Policy Automation for Mobile Devices, version(s) 12.1.1 | Oracle Policy Automation |
| Primavera Contract Management, version(s) 14.2 | Oracle Primavera Products Suite |
| Primavera P6 Enterprise Project Portfolio Management, version(s) 8.2, 8.3, 8.4, 15.1, 15.2, 16.1 | Oracle Primavera Products Suite |
| Oracle Java SE, version(s) 6u115, 7u101, 8u92 | Oracle Java SE |
| Oracle Java SE Embedded, version(s) 8u91 | Oracle Java SE |
| Oracle JRockit, version(s) R28.3.10 | Oracle Java SE |
| 40G 10G 72/64 Ethernet Switch, version(s) 2.0.0 | Oracle and Sun Systems Products Suite |
| Fujitsu M10-1, M10-4, M10-4S Servers, version(s) prior to XCP 2320 | Oracle and Sun Systems Products Suite |
| ILOM, version(s) 3.0, 3.1, 3.2 | Oracle and Sun Systems Products Suite |
| Oracle Switch ES1-24, version(s) 1.3 | Oracle and Sun Systems Products Suite |
| Solaris, version(s) 10, 11.3 | Oracle and Sun Systems Products Suite |
| Solaris Cluster, version(s) 3.3, 4.3 | Oracle and Sun Systems Products Suite |
| SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers, version(s) prior to XCP 1121 | Oracle and Sun Systems Products Suite |
| Sun Blade 6000 Ethernet Switched NEM 24P 10GE, version(s) 1.2 | Oracle and Sun Systems Products Suite |
| Sun Data Center InfiniBand Switch 36, version(s) prior to 2.2.2 | Oracle and Sun Systems Products Suite |
| Sun Network 10GE Switch 72p, version(s) 1.2 | Oracle and Sun Systems Products Suite |
| Sun Network QDR InfiniBand Gateway Switch, version(s) prior to 2.2.2 | Oracle and Sun Systems Products Suite |
| Oracle Secure Global Desktop, version(s) 4.63, 4.71, 5.2 | Oracle Linux and Virtualization |
| Oracle VM VirtualBox, version(s) prior to 5.0.26 | Oracle Linux and Virtualization |
| MySQL Server, version(s) 5.5.49 and prior, 5.6.30 and prior, 5.7.12 and prior | Oracle MySQL Product Suite |

 

SecPod Saner detects these vulnerabilities and automatically fixes them by applying security updates. Download Saner now and keep your systems updated and secure.

Shakeel

 
