Reference: CERT-EU Security Advisory 2014-038

Title: Oracle Critical Patch Update Advisory of April 2014

Version history:
22.04.2014 Initial publication

Summary
=======

Oracle Critical Patch Update Advisory of April 2014 contains 104 new security fixes across the product families. A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes [1].

Vulnerable systems
==================

Oracle Database 11g Release 1, version 11.1.0.7
Oracle Database 11g Release 2, versions 11.2.0.3, 11.2.0.4
Oracle Database 12c Release 1, version 12.1.0.1
Oracle Fusion Middleware 11g Release 1, versions 11.1.1.7, 11.1.1.8
Oracle Fusion Middleware 12c Release 1, versions 12.1.1.0, 12.1.2.0
Oracle Fusion Applications, versions 11.1.2 through 11.1.8
Oracle Access Manager, versions 10.1.4.3, 11.1.1.3.0, 11.1.1.5.0, 11.1.1.7.0, 11.1.2.0.0, 11.1.2.1.0, 11.1.2.2.0
Oracle Containers for J2EE, version 10.1.3.5
Oracle Data Integrator, version 11.1.1.3.0
Oracle Endeca Server, version 2.2.2
Oracle Event Processing, version 11.1.1.7.0
Oracle Identity Analytics, version 11.1.1.5, Sun Role Manager, version 5.0
Oracle OpenSSO, version 8.0 Update 2 Patch 5
Oracle OpenSSO Policy Agent, version 3.0-03
Oracle WebCenter Portal, versions 11.1.1.7, 11.1.1.8
Oracle WebLogic Server, versions 10.0.2.0, 10.3.6.0, 12.1.1.0, 12.1.2.0
Oracle Hyperion Common Admin, versions 11.1.2.2, 11.1.2.3
Oracle E-Business Suite Release 11i, 12i
Oracle Agile PLM Framework, versions 9.3.1.1, 9.3.3.0
Oracle Agile Product Lifecycle Management for Process, versions 6.0.0.7, 6.1.1.3
Oracle Transportation Management, versions 6.3, 6.3.4
Oracle PeopleSoft Enterprise CS Campus Self Service, version 9.0
Oracle PeopleSoft Enterprise HRMS Talent Acquisition Manager, versions 8.52, 8.53
Oracle PeopleSoft Enterprise PT Tools, versions 8.52, 8.53
Oracle Siebel UI Framework, versions 8.1.1, 8.2.2
Oracle iLearning, versions 6.0, 6.1
Oracle JavaFX, version 2.2.51
Oracle Java SE, versions 5.0u61, 6u71, 7u51, 8
Oracle Java SE Embedded, version 7u51
Oracle JRockit, versions R27.8.1, R28.3.1
Oracle Solaris, versions 9, 10, 11.1
Oracle Secure Global Desktop, versions 4.63, 4.71, 5.0, 5.1
Oracle VM VirtualBox, versions prior to 3.2.22, 4.0.24, 4.1.32, 4.2.24, 4.3.10
Oracle MySQL Server, versions 5.5, 5.6

What can you do?
================

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible. [1]

More information
================

[1] http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

Best regards,

CERT-EU (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html