Reference: CERT-EU Security Advisory 2014-003

Title: Oracle Critical Patch Update Advisory of January 2014

Version history:
15.01.2014 Initial publication

Summary
=======

Oracle Critical Patch Update Advisory of January 2014 contains 144 new security fixes across the product families. A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. [1]

Vulnerable systems
==================

Oracle Database 11g Release 1, version 11.1.0.7
Oracle Database 11g Release 2, versions 11.2.0.3, 11.2.0.4
Oracle Database 12c Release 1, version 12.1.0.1
Oracle Fusion Middleware 11g Release 1, versions 11.1.1.6, 11.1.1.7
Oracle Fusion Middleware 11g Release 2, versions 11.1.2.0, 11.1.2.1
Oracle Fusion Middleware 12c Release 2, version 12.1.2
Oracle Containers for J2EE, version 10.1.3.5
Oracle Enterprise Data Quality, versions 8.1, 9.0.8
Oracle Forms and Reports 11g, Release 2, version 11.1.2.1
Oracle GlassFish Server, version 2.1.1, Sun Java Application Server, versions 8.1, 8.2
Oracle HTTP Server 11g, versions 11.1.1.6, 11.1.1.7
Oracle HTTP Server 12c, version 12.1.2
Oracle Identity Manager, versions 11.1.1.5, 11.1.1.7, 11.1.2.0, 11.1.2.1
Oracle Internet Directory, versions 11.1.1.6, 11.1.1.7
Oracle iPlanet Web Proxy Server, version 4.0
Oracle iPlanet Web Server, versions 6.1, 7.0
Oracle Outside In Technology, versions 8.4.0, 8.4.1
Oracle Portal, version 11.1.1.6
Oracle Reports Developer, versions 11.1.1.6, 11.1.1.7, 11.1.2.1
Oracle Traffic Director, versions 11.1.1.6, 11.1.1.7
Oracle WebCenter Portal versions 11.1.1.6.0, 11.1.1.7.0, 11.1.1.8.0
Oracle WebCenter Sites versions 11.1.1.6.1, 11.1.1.8.0
Oracle Hyperion Essbase Administration Services, versions 11.1.2.1, 11.1.2.2, 11.1.2.3
Oracle Hyperion Strategic Finance, versions 11.1.2.1, 11.1.2.2
Oracle E-Business Suite Release 11i, version 11.5.10.2
Oracle E-Business Suite Release 12i, versions 12.0.6, 12.1.1, 12.1.2, 12.1.3
Oracle Agile Product Lifecycle Management for Process, versions 6.0, 6.1, 6.1.1
Oracle AutoVue, versions 20.1.1
Oracle Demantra Demand Management, versions 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.0, 12.2.1, 12.2.2, 12.2.3
Oracle Transportation Management, versions 6.0, 6.1, 6.2, 6.3, 6.3.1, 6.3.2
Oracle PeopleSoft Enterprise HRMS, versions 9.1.0, 9.2.0
Oracle PeopleSoft Enterprise HRMS Human Resources, versions 9.1, 9.2
Oracle PeopleSoft Enterprise PeopleTools, versions 8.52, 8.53
Oracle PeopleSoft Enterprise SCM Services Procurement, version 9.2
Oracle Siebel Core, versions 8.1.1, 8.2.2
Oracle Siebel Life Sciences, versions 8.1.1, 8.2.2
Oracle iLearning, version 6.0
Oracle FLEXCUBE Private Banking, versions 1.7, 2.0, 2.0.1, 2.2.0.1, 3.0, 12.0.1, 12.0.2
Oracle JavaFX, versions 2.2.45 and earlier
Oracle Java JDK and JRE, versions 5.0u55 and earlier, 6u65 and earlier, 7u45 and earlier
Oracle Java SE Embedded, versions 7u45 and earlier
Oracle JRockit, versions R27.7.7 and earlier, R28.2.9 and earlier
Oracle Solaris versions 8, 9, 10, 11.1
Oracle Secure Global Desktop, versions 4.63.x, 4.71.x, 5.0.x, 5.10
Oracle VM VirtualBox, versions prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, 4.3.6
Oracle MySQL Enterprise Monitor, versions 2.3, 3.0
Oracle MySQL Server, versions 5.1, 5.5, 5.6

What can you do?
================

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible.

More information
================

[1] http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

Best regards,

CERT-EU Pre-configuration Team
(http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html