
Oracle Quarterly Critical Patches Issued January 19, 2016

MS-ISAC ADVISORY NUMBER:

2016-014

DATE(S) ISSUED:

01/19/2016

OVERVIEW:

Oracle released critical patches as part of its quarterly patch release program. The most severe of the vulnerabilities addressed could allow for remote code execution.

RISK:

Government:
  • Large and medium government entities: N/A
  • Small government entities: N/A
Businesses:
  • Large and medium business entities: N/A
  • Small business entities: N/A
Home Users:
N/A

TECHNICAL SUMMARY:

According to Oracle, the update provides fixes for 248 new security vulnerabilities, affecting the following products:

Oracle Database Server, version(s) 11.2.0.4, 12.1.0.1, 12.1.0.2
Oracle GoldenGate, version(s) 11.2, 12.1.2
Oracle BI Publisher, version(s) 11.1.1.7.0, 11.1.1.9.0, 12.2.1.0.0
Oracle Business Intelligence Enterprise Edition, version(s) 11.1.1.7.0, 11.1.1.9.0
Oracle Endeca Server, version(s) 7.3.0.0, 7.4.0.0, 7.5.0.0, 7.6.0.0
Oracle Fusion Middleware, version(s) 10.1.3.5, 11.1.1.7, 11.1.1.8, 11.1.1.9, 11.1.2.2, 11.1.2.3, 12.1.2.0, 12.1.3.0, 12.2.1
Oracle GlassFish Server, version(s) 3.1.2
Oracle Identity Federation, version(s) 11.1.1.7, 11.1.2.2, 11.1.2.3
Oracle Outside In Technology, version(s) 8.5.0, 8.5.1, 8.5.2
Oracle Tuxedo, version(s) 12.1.1.0
Oracle Web Cache, version(s) 11.1.1.7.0, 11.1.1.9.0
Oracle WebCenter Sites, version(s) 7.6.2, 11.1.1.8.0
Oracle WebLogic Portal, version(s) 10.3.6
Oracle WebLogic Server, version(s) 10.3.6, 12.1.2, 12.1.3, 12.2.1
Enterprise Manager Base Platform, version(s) 11.1.0.1, 11.2.0.4, 12.1.0.4, 12.1.0.5
Enterprise Manager Ops Center, version(s) prior to 12.1.4, 12.2.0, 12.2.1, 12.3.0
Oracle Application Testing Suite, version(s) 12.4.0.2, 12.5.0.2
Application Mgmt Pack for E-Business Suite, version(s) 12.1, 12.2
Oracle E-Business Suite, version(s) 11.5.10.2, 12.1, 12.1.1, 12.1.2, 12.1.3, 12.2, 12.2.3, 12.2.4, 12.2.5
Oracle Agile Engineering Data Management, version(s) 6.1.2.2, 6.1.3.0, 6.2.0.0
Oracle Agile PLM, version(s) 9.3.1.1, 9.3.1.2, 9.3.2, 9.3.3
Oracle Configurator, version(s) 11.5.10.2, 12.1, 12.2
PeopleSoft Enterprise HCM Global Payroll Switzerland, version(s) 9.1, 9.2
PeopleSoft Enterprise PeopleTools, version(s) 8.53, 8.54, 8.55
PeopleSoft Enterprise SCM eProcurement, version(s) 9.1, 9.2
PeopleSoft Enterprise SCM Order Management, version(s) 9.1, 9.2
PeopleSoft Enterprise SCM Purchasing, version(s) 9.1, 9.2
JD Edwards EnterpriseOne Tools, version(s) 9.1, 9.2
Oracle iLearning, version(s) 11.2.0
Oracle Fusion Applications, version(s) 11.1.2 through 11.1.10
Oracle Communications Converged Application Server - Service Controller, version(s) 6.1
Oracle Communications EAGLE LNP Application Processor, version(s) 10.0
Oracle Communications Online Mediation Controller, version(s) 6.1
Oracle Communications Service Broker, version(s) 6.0, 6.1
Oracle Communications Service Broker Engineered System Edition, version(s) 6.0
MICROS CWDirect, version(s) 12.5, 13.0, 14.0, 15.0, 16.0, 17.0, 18.0
Oracle Retail Open Commerce Platform Cloud Service, version(s) 3.5, 4.5, 4.7, 5.0
Oracle Retail Order Broker Cloud Service, version(s) 4.0, 4.1
Oracle Retail Order Management System Cloud Service, version(s) 3.5, 4.5, 4.7, 5.0, 15.0
Oracle Retail Point-of-Service, version(s) 13.4, 14.0, 14.1
Oracle Java SE, version(s) 6u105, 7u91, 8u66
Oracle Java SE Embedded, version(s) 8u65
Oracle JRockit, version(s) R28.3.8
Oracle Switch ES1-24, version(s) prior to 1.3.1.13
Solaris, version(s) 10, 11
Solaris Cluster, version(s) 3.3, 4, 4.2
Sun Blade 6000 Ethernet Switched NEM 24P 10GE, version(s) prior to 1.2.2.13
Sun Network 10GE Switch 72p, version(s) prior to 1.2.2.15
Oracle Secure Global Desktop, version(s) 4.63, 4.71, 5.2
Oracle VM VirtualBox, version(s) prior to 4.0.36, prior to 4.1.44, prior to 4.2.36, prior to 4.3.36, prior to 5.0.14
MySQL Server, version(s) 5.5.46 and prior, 5.6.27 and prior, 5.7.9

RECOMMENDATIONS:

We recommend the following actions be taken:

Apply the appropriate update provided by Microsoft to vulnerable systems immediately after appropriate testing.
