Oracle Critical Patch Update Advisory

Number: AV18-118
Date: 18 July 2018

Purpose

The purpose of this advisory is to bring attention to the quarterly updates released for Oracle.

Assessment

Oracle has issued a Critical Patch Update Advisory which addresses multiple new security fixes across multiple Oracle products.

Affected Products:
- Agile Recipe Management for Pharmaceuticals, version 9.3.4
- Enterprise Manager Base Platform, versions 12.1.0.5, 13.2.x
- Enterprise Manager for Fusion Middleware, versions 12.1.0.5, 13.2.x
- Enterprise Manager for MySQL Database, versions 13.2.2.0.0 and prior
- Enterprise Manager for Oracle Database, versions 12.1.0.8, 13.2.2
- Enterprise Manager for Peoplesoft, versions 13.1.1.1, 13.2.1.1
- Enterprise Manager for Virtualization, versions 13.2.2, 13.2.3
- Enterprise Manager Ops Center, versions 12.2.2, 12.3.3
- FMW Platform, versions 12.2.1.2.0, 12.2.1.3.0
- Hardware Management Pack, version 11.3
- Hyperion Data Relationship Management, version 11.1.2.4.330
- Hyperion Financial Reporting, version 11.1.2
- JD Edwards EnterpriseOne Tools, version 9.2
- JD Edwards World Security, versions A9.3, A9.3.1, A9.4
- MICROS 700 Series Tablet, versions prior to BIOS 0.00.13ORC, prior to BIOS 0.01.25ORC
- MICROS Handheld Terminal, versions 2018, Android 4.4.4 Security Patch Bulletin prior to February 1
- MICROS Kitchen Display Controller, versions prior to BIOS 0.00.16ORC
- MICROS Lucas, versions 2.9.5.3, 2.9.5.4, 2.9.5.5, 2.9.5.6
- MICROS Relate CRM Software, versions 10.8.x, 11.4.x
- MICROS Retail-J, versions 10.2.x, 11.0.x, 12.0.x, 12.1.x, 12.1.1.x, 12.1.2.x, 13.1.x
- MICROS Workstation 6, versions prior to BIOS 1.3.1.0, prior to BIOS 1.5.2.0, prior to BIOS 2.3.1.0
- MICROS XBR, versions 7.0.2, 7.0.4
- MySQL Client, versions 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior, 8.0.11 and prior
- MySQL Connectors, versions 5.3.10 and prior, 8.0.11 and prior
- MySQL Enterprise Monitor, versions 3.4.7.4297 and prior, 4.0.4.5235 and prior, 8.0.0.8131 and prior
- MySQL Server, versions 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior, 8.0.11 and prior
- MySQL Workbench, versions 6.3.10 and prior, 8.0.11 and prior
- Oracle Agile Engineering Data Management, versions 6.1.3, 6.2.0, 6.2.1
- Oracle Agile PLM, versions 9.3.3, 9.3.4, 9.3.5, 9.3.6
- Oracle Agile PLM MCAD Connector, versions 3.3, 3.4, 3.5, 3.6
- Oracle Agile Product Lifecycle Management for Process, version 6.2.0.0
- Oracle API Gateway, version 11.1.2.4.0
- Oracle Application Testing Suite, version 10.1
- Oracle AutoVue VueLink Integration, versions 21.0.0, 21.0.1
- Oracle Banking Corporate Lending, versions 12.3.0, 12.4.0, 12.5.0, 14.0.0, 14.1.0
- Oracle Banking Payments, versions 12.2.0, 12.3.0, 12.4.0, 12.5.0, 14.1.0
- Oracle Banking Platform, versions 2.6.0, 2.6.1, 2.6.2
- Oracle BI Publisher, versions 11.1.1.7.0, 11.1.1.9.0, 12.2.1.2.0, 12.2.1.3.0
- Oracle Business Process Management Suite, versions 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0, 12.2.1.3.0
- Oracle Communications Diameter Signaling Router (DSR), versions 7.x, 8.x
- Oracle Communications EAGLE LNP Application Processor, version 10.x
- Oracle Communications Interactive Session Recorder, versions 5.x, 6.x
- Oracle Communications Messaging Server, version 3.x
- Oracle Communications Network Charging and Control, versions 4.4.1.5.0, 5.0.0.1.0, 5.0.0.2.0, 5.0.1.0.0, 5.0.2.0.0
- Oracle Communications Policy Management, version 12.x
- Oracle Communications Session Border Controller, versions ECz7.x, ECz8.x
- Oracle Communications User Data Repository, versions 10.x, 12.x
- Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18.1, 18.2
- Oracle E-Business Suite, versions 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7
- Oracle Endeca Information Discovery Studio, versions 3.1, 3.2
- Oracle Enterprise Data Quality, version 12.2.1.3.0
- Oracle Enterprise Repository, versions 11.1.1.7.0, 12.1.3.0.0
- Oracle Financial Services Analytical Applications Infrastructure, versions 7.3.3.x, 8.0.x
- Oracle Financial Services Behavior Detection Platform, version 8.0.x
- Oracle Financial Services Funds Transfer Pricing, versions 6.1.1, 8.0.x
- Oracle Financial Services Hedge Management and IFRS Valuations, versions 8.0.4, 8.0.5
- Oracle Financial Services Loan Loss Forecasting and Provisioning, versions 8.0.4, 8.0.5
- Oracle Financial Services Profitability Management, versions 6.1.1, 8.0.x
- Oracle Financial Services Revenue Management and Billing, versions 2.3.0.2.0, 2.4.0.0.0, 2.4.0.1.0, 2.5.0.1.0, 2.5.0.2.0, 2.5.0.3.0
- Oracle FLEXCUBE Enterprise Limits and Collateral Management, versions 12.3.0, 14.0.0, 14.1.0
- Oracle FLEXCUBE Investor Servicing, versions 12.0.4, 12.1.0, 12.3.0, 12.4.0
- Oracle FLEXCUBE Universal Banking, versions 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0, 12.4.0, 14.0.0, 14.1.0
- Oracle Fusion Middleware, versions 12.2.1.2, 12.2.1.3
- Oracle Fusion Middleware MapViewer, versions 12.2.1.2, 12.2.1.3
- Oracle Global Lifecycle Management OPatchAuto, version All
- Oracle Hospitality Cruise Fleet Management System, version 9.x
- Oracle Hospitality Cruise Shipboard Property Management System, version 8.x
- Oracle Hospitality Gift and Loyalty, version 9.0.0
- Oracle Hospitality OPERA 5 Property Services, version 5.5.x
- Oracle Hospitality Reporting and Analytics, version 9.0.0
- Oracle Hospitality Simphony, versions 2.8, 2.9, 2.10
- Oracle iLearning, version 6.2
- Oracle Insurance Policy Administration, versions 10.0, 10.1, 10.2, 11.0
- Oracle Internet Directory, version 11.1.1.9.0
- Oracle Java SE, versions 6u191, 7u181, 8u172, 10.0.1
- Oracle Java SE Embedded, version 8u171
- Oracle JDeveloper, versions 12.1.3.0.0, 12.2.1.2.0, 12.2.1.3.0
- Oracle JRockit, version R28.3.18
- Oracle Outside In Technology, version 8.5.3
- Oracle Policy Automation, versions 10.4.7, 12.1.0, 12.1.1, 12.2.0, 12.2.1, 12.2.2, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8, 12.2.9, 12.2.10
- Oracle Policy Automation Connector for Siebel, version 10.4.6
- Oracle Policy Automation for Mobile Devices, versions 10.4.7, 12.1.0, 12.1.1, 12.2.0, 12.2.1, 12.2.2, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8, 12.2.9, 12.2.10
- Oracle Retail Back Office, versions 14.0, 14.1
- Oracle Retail Bulk Data Integration, version 16.0
- Oracle Retail Central Office, versions 14.0, 14.1
- Oracle Retail Clearance Optimization Engine, version 14.0.5
- Oracle Retail Convenience and Fuel POS Software, version 2.1.132
- Oracle Retail Customer Management and Segmentation Foundation, versions 16.x, 17.x
- Oracle Retail Financial Integration, versions 13.2.x, 14.0.x, 14.1.x, 15.0.x, 16.0.x
- Oracle Retail Integration Bus, versions 12.0.x, 13.0.x, 13.1.x, 13.2.x, 14.0.0, 14.1.0, 14.0.x, 14.1.x, 15.0, 15.0.x, 16.0, 16.0.x
- Oracle Retail Order Broker, versions 5.2, 15.0, 16.0
- Oracle Retail Point-of-Sale, versions 14.0, 14.1
- Oracle Retail Point-of-Service, versions 14.0, 14.1
- Oracle Retail Predictive Application Server, version 15.0.3
- Oracle Retail Returns Management, versions 14.0, 14.1
- Oracle Retail Service Backbone, versions 14.0.x, 14.1.x, 15.0.x, 16.0.x
- Oracle Retail Service Layer, versions 12.0.x, 13.0.x, 13.1.x, 13.2.x, 14.0.x
- Oracle Secure Global Desktop, versions 5.3, 5.4
- Oracle SOA Suite, versions 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0, 12.2.1.3.0
- Oracle SuperCluster Specific Software, versions prior to 2.5.0
- Oracle Transportation Management, versions 6.2, 6.3.7, 6.4.1
- Oracle Tuxedo, versions 12.1.1, 12.1.3, 12.2.2
- Oracle Utilities Framework, version 4.3.x
- Oracle Utilities Network Management System, versions 1.12.x, 2.3.x
- Oracle Utilities Work and Asset Management, version 1.9.1.2.12
- Oracle VM VirtualBox, versions prior to 5.2.16
- Oracle WebCenter Portal, versions 11.1.1.9.0, 12.2.1.2.0, 12.2.1.3.0
- Oracle WebLogic Server, versions 10.3.6.0, 12.1.3.0, 12.2.1.2, 12.2.1.3
- OSS Support Tools, versions prior to 18.3
- PeopleSoft Enterprise CS Financial Aid, versions 9.0, 9.2
- PeopleSoft Enterprise FIN Install, version 9.2
- PeopleSoft Enterprise HCM Human Resources, version 9.2
- PeopleSoft Enterprise PeopleTools, versions 8.55, 8.56
- PeopleSoft HRMS, version 9.2
- Primavera P6 Enterprise Project Portfolio Management, versions 8.4, 15.x, 16.x, 17.x
- Primavera Unifier, versions 16.x, 17.x, 18.x
- Siebel Applications, version 18.0
- Solaris, versions 10, 11.2, 11.3
- Solaris Cluster, versions 3.3, 4.3
- Sun ZFS Storage Appliance Kit (AK), versions prior to 8.7.20
- Tape Library ACSLS, versions prior to ACSLS 8.4.0-3

CVE References:
CVE-2018-0733, CVE-2018-0739, CVE-2018-1171, CVE-2018-1258, CVE-2018-1270, CVE-2018-1271, CVE-2018-1272, CVE-2018-1275, CVE-2018-1304, CVE-2018-1305, CVE-2018-1327, CVE-2018-2598, CVE-2018-2767, CVE-2018-2881, CVE-2018-2882, CVE-2018-2888, CVE-2018-2891, CVE-2018-2892, CVE-2018-2893, CVE-2018-2894, CVE-2018-2895, CVE-2018-2896, CVE-2018-2897, CVE-2018-2898, CVE-2018-2899, CVE-2018-2900, CVE-2018-2901, CVE-2018-2903, CVE-2018-2904, CVE-2018-2905, CVE-2018-2906, CVE-2018-2907, CVE-2018-2908, CVE-2018-2915, CVE-2018-2916, CVE-2018-2917, CVE-2018-2918, CVE-2018-2919, CVE-2018-2920, CVE-2018-2921, CVE-2018-2923, CVE-2018-2924, CVE-2018-2925, CVE-2018-2926, CVE-2018-2927, CVE-2018-2928, CVE-2018-2929, CVE-2018-2930, CVE-2018-2932, CVE-2018-2933, CVE-2018-2934, CVE-2018-2935, CVE-2018-2936, CVE-2018-2937, CVE-2018-2938, CVE-2018-2939, CVE-2018-2940, CVE-2018-2941, CVE-2018-2942, CVE-2018-2943, CVE-2018-2944, CVE-2018-2945, CVE-2018-2946, CVE-2018-2947, CVE-2018-2948, CVE-2018-2949, CVE-2018-2950, CVE-2018-2951, CVE-2018-2952, CVE-2018-2953, CVE-2018-2954, CVE-2018-2955, CVE-2018-2956, CVE-2018-2957, CVE-2018-2958, CVE-2018-2959, CVE-2018-2960, CVE-2018-2961, CVE-2018-2962, CVE-2018-2963, CVE-2018-2964, CVE-2018-2965, CVE-2018-2966, CVE-2018-2967, CVE-2018-2968, CVE-2018-2969, CVE-2018-2970, CVE-2018-2972, CVE-2018-2973, CVE-2018-2974, CVE-2018-2975, CVE-2018-2976, CVE-2018-2977, CVE-2018-2978, CVE-2018-2979, CVE-2018-2980, CVE-2018-2981, CVE-2018-2982, CVE-2018-2984, CVE-2018-2985, CVE-2018-2986, CVE-2018-2987, CVE-2018-2988, CVE-2018-2989, CVE-2018-2990, CVE-2018-2991, CVE-2018-2992, CVE-2018-2993, CVE-2018-2994, CVE-2018-2995, CVE-2018-2996, CVE-2018-2997, CVE-2018-2998, CVE-2018-2999, CVE-2018-3000, CVE-2018-3001, CVE-2018-3002, CVE-2018-3003, CVE-2018-3004, CVE-2018-3005, CVE-2018-3006, CVE-2018-3007, CVE-2018-3008, CVE-2018-3009, CVE-2018-3010, CVE-2018-3012, CVE-2018-3013, CVE-2018-3014, CVE-2018-3015, CVE-2018-3016, CVE-2018-3017, CVE-2018-3018, CVE-2018-3019, 
CVE-2018-3020, CVE-2018-3021, CVE-2018-3022, CVE-2018-3023, CVE-2018-3024, CVE-2018-3025, CVE-2018-3026, CVE-2018-3027, CVE-2018-3028, CVE-2018-3029, CVE-2018-3030, CVE-2018-3031, CVE-2018-3032, CVE-2018-3033, CVE-2018-3034, CVE-2018-3035, CVE-2018-3036, CVE-2018-3037, CVE-2018-3038, CVE-2018-3039, CVE-2018-3040, CVE-2018-3041, CVE-2018-3042, CVE-2018-3043, CVE-2018-3044, CVE-2018-3045, CVE-2018-3046, CVE-2018-3047, CVE-2018-3048, CVE-2018-3049, CVE-2018-3050, CVE-2018-3051, CVE-2018-3052, CVE-2018-3053, CVE-2018-3054, CVE-2018-3055, CVE-2018-3056, CVE-2018-3057, CVE-2018-3058, CVE-2018-3060, CVE-2018-3061, CVE-2018-3062, CVE-2018-3063, CVE-2018-3064, CVE-2018-3065, CVE-2018-3066, CVE-2018-3067, CVE-2018-3068, CVE-2018-3069, CVE-2018-3070, CVE-2018-3071, CVE-2018-3072, CVE-2018-3073, CVE-2018-3074, CVE-2018-3075, CVE-2018-3076, CVE-2018-3077, CVE-2018-3078, CVE-2018-3079, CVE-2018-3080, CVE-2018-3081, CVE-2018-3082, CVE-2018-3084, CVE-2018-3085, CVE-2018-3086, CVE-2018-3087, CVE-2018-3088, CVE-2018-3089, CVE-2018-3090, CVE-2018-3091, CVE-2018-3092, CVE-2018-3093, CVE-2018-3094, CVE-2018-3095, CVE-2018-3096, CVE-2018-3097, CVE-2018-3098, CVE-2018-3099, CVE-2018-3100, CVE-2018-3101, CVE-2018-3102, CVE-2018-3103, CVE-2018-3104, CVE-2018-3105, CVE-2018-3108, CVE-2018-3109, CVE-2018-3639, CVE-2018-3640, CVE-2018-7489, CVE-2018-8013, CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122, CVE-2018-1000300, CVE-2018-1000

Suggested action

CCIRC recommends that system administrators identify their affected assets and potential interdependencies with their organization’s critical services, and follow their patch management process accordingly.

References

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Note to Readers

In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. As Canada's computer security incident response team, CCIRC is Canada's national coordination centre for the prevention and mitigation of, preparedness for, response to, and recovery from cyber incidents on non-federal government systems. It does this by providing authoritative advice and support, and coordinating information sharing and incident response.

Please note that the CCIRC PGP key has recently been updated.
http://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/_fl/CCIRCPublicPGPKey.txt

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: ps.communications-communications.sp@canada.ca
