Oracle Critical Patch Update Advisory - April 2014

Number: AV14-020
Date: 16 April 2014

Purpose

The purpose of this advisory is to bring attention to the following Critical Patch Update released by Oracle.

Assessment

Oracle has issued a Critical Patch Update (CPU) which addresses 104 new security fixes across multiple Oracle products.

Affected products and versions:

Oracle Database 11g Release 1, version 11.1.0.7
Oracle Database 11g Release 2, versions 11.2.0.3, 11.2.0.4
Oracle Database 12c Release 1, version 12.1.0.1
Oracle Fusion Middleware 11g Release 1, versions 11.1.1.7, 11.1.1.8   
Oracle Fusion Middleware 12c Release 1, versions 12.1.1.0, 12.1.2.0   
Oracle Fusion Applications, versions 11.1.2 through 11.1.8
Oracle Access Manager, versions 10.1.4.3, 11.1.1.3.0, 11.1.1.5.0, 11.1.1.7.0, 11.1.2.0.0, 11.1.2.1.0, 11.1.2.2.0
Oracle Containers for J2EE, version 10.1.3.5  
Oracle Data Integrator, version 11.1.1.3.0    
Oracle Endeca Server, version 2.2.2
Oracle Event Processing, version 11.1.1.7.0   
Oracle Identity Analytics, version 11.1.1.5, Sun Role Manager, version 5.0  
Oracle OpenSSO, version 8.0 Update 2 Patch 5  
Oracle OpenSSO Policy Agent, version 3.0-03   
Oracle WebCenter Portal, versions 11.1.1.7, 11.1.1.8
Oracle WebLogic Server, versions 10.0.2.0, 10.3.6.0, 12.1.1.0, 12.1.2.0
Oracle Hyperion Common Admin, versions 11.1.2.2, 11.1.2.3 
Oracle E-Business Suite Release 11i, 12i
Oracle Agile PLM Framework, versions 9.3.1.1, 9.3.3.0
Oracle Agile Product Lifecycle Management for Process, versions 6.0.0.7, 6.1.1.3  
Oracle Transportation Management, versions 6.3, 6.3.4
Oracle PeopleSoft Enterprise CS Campus Self Service, version 9.0
Oracle PeopleSoft Enterprise HRMS Talent Acquisition Manager, versions 8.52, 8.53 
Oracle PeopleSoft Enterprise PT Tools, versions 8.52, 8.53
Oracle Siebel UI Framework, versions 8.1.1, 8.2.2   
Oracle iLearning, versions 6.0, 6.1
Oracle JavaFX, version 2.2.51
Oracle Java SE, versions 5.0u61, 6u71, 7u51, 8
Oracle Java SE Embedded, version 7u51   
Oracle JRockit, versions R27.8.1, R28.3.1
Oracle Solaris, versions 9, 10, 11.1    
Oracle Secure Global Desktop, versions 4.63, 4.71, 5.0, 5.1
Oracle VM VirtualBox, versions prior to 3.2.22, 4.0.24, 4.1.32, 4.2.24, 4.3.10    
Oracle MySQL Server, versions 5.5, 5.6

Suggested action

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible. CCIRC recommends that system administrators identify their affected assets and potential interdependencies with their organization's critical services, and follow their patch management process accordingly.

References

http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html

Note to Readers

In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. As Canada's computer security incident response team, CCIRC is Canada's national coordination centre for the prevention and mitigation of, preparedness for, response to, and recovery from cyber incidents on non-federal government systems. It does this by providing authoritative advice and support, and coordinating information sharing and incident response.

Please note that the CCIRC PGP key has recently been updated.
http://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/_fl/CCIRCPublicPGPKey.txt

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: ps.communications-communications.sp@canada.ca
