Oracle Critical Patch Update Advisory - April 2014

Number: AV14-020
Date: 16 April 2014


The purpose of this advisory is to bring attention to the following critical patch update released for Oracle products.


Oracle has issued a Critical Patch Update (CPU) that contains 104 new security fixes across multiple Oracle products.

Affected products and versions:

Oracle Database 11g Release 1, version
Oracle Database 11g Release 2, versions,
Oracle Database 12c Release 1, version
Oracle Fusion Middleware 11g Release 1, versions,   
Oracle Fusion Middleware 12c Release 1, versions,   
Oracle Fusion Applications, versions 11.1.2 through 11.1.8
Oracle Access Manager, versions,,,,,,
Oracle Containers for J2EE, version  
Oracle Data Integrator, version    
Oracle Endeca Server, version 2.2.2
Oracle Event Processing, version   
Oracle Identity Analytics, version, Sun Role Manager, version 5.0  
Oracle OpenSSO, version 8.0 Update 2 Patch 5  
Oracle OpenSSO Policy Agent, version 3.0-03   
Oracle WebCenter Portal, versions,
Oracle WebLogic Server, versions,,,
Oracle Hyperion Common Admin, versions, 
Oracle E-Business Suite Release 11i, 12i
Oracle Agile PLM Framework, versions,
Oracle Agile Product Lifecycle Management for Process, versions,  
Oracle Transportation Management, versions 6.3, 6.3.4
Oracle PeopleSoft Enterprise CS Campus Self Service, version 9.0
Oracle PeopleSoft Enterprise HRMS Talent Acquisition Manager, versions 8.52, 8.53 
Oracle PeopleSoft Enterprise PT Tools, versions 8.52, 8.53
Oracle Siebel UI Framework, versions 8.1.1, 8.2.2   
Oracle iLearning, versions 6.0, 6.1
Oracle JavaFX, version 2.2.51
Oracle Java SE, versions 5.0u61, 6u71, 7u51, 8
Oracle Java SE Embedded, version 7u51   
Oracle JRockit, versions R27.8.1, R28.3.1
Oracle Solaris, versions 9, 10, 11.1    
Oracle Secure Global Desktop, versions 4.63, 4.71, 5.0, 5.1
Oracle VM VirtualBox, versions prior to 3.2.22, 4.0.24, 4.1.32, 4.2.24, 4.3.10    
Oracle MySQL Server, versions 5.5, 5.6

Suggested action

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible. CCIRC recommends that system administrators identify their affected assets and potential interdependencies with their organization's critical services, and follow their patch management process accordingly.


Note to Readers

In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. As Canada's computer security incident response team, CCIRC is Canada's national coordination centre for the prevention and mitigation of, preparedness for, response to, and recovery from cyber incidents on non-federal government systems. It does this by providing authoritative advice and support, and coordinating information sharing and incident response.

Please note that the CCIRC PGP key has recently been updated.

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
