-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Reference: CERT-EU Security Advisory 2014-043 Title: Oracle Critical Patch Update Advisory Version history: 08.05.2014 Initial publication Summary ======= The Oracle Critical Patch Update for April 2014 [1] were released. Oracle strongly recommends applying the patches as soon as possible. Vulnerable systems ================== Oracle Database 11g Release 1, version 11.1.0.7 Oracle Database 11g Release 2, versions 11.2.0.3, 11.2.0.4 Oracle Database 12c Release 1, version 12.1.0.1 Oracle Fusion Middleware 11g Release 1, versions 11.1.1.7, 11.1.1.8 Oracle Fusion Middleware 12c Release 1, versions 12.1.1.0, 12.1.2.0 Oracle Fusion Applications, versions 11.1.2 through 11.1.8 Oracle Access Manager, versions 10.1.4.3, 11.1.1.3.0, 11.1.1.5.0, 11.1.1.7.0, 11.1.2.0.0, 11.1.2.1.0, 11.1.2.2.0 Oracle Containers for J2EE, version 10.1.3.5 Oracle Data Integrator, version 11.1.1.3.0 Oracle Endeca Server, version 2.2.2 Oracle Event Processing, version 11.1.1.7.0 Oracle Identity Analytics, version 11.1.1.5, Sun Role Manager, version 5.0 Oracle OpenSSO, version 8.0 Update 2 Patch 5 Oracle OpenSSO Policy Agent, version 3.0-03 Oracle WebCenter Portal, versions 11.1.1.7, 11.1.1.8 Oracle WebLogic Server, versions 10.0.2.0, 10.3.6.0, 12.1.1.0, 12.1.2.0 Oracle Hyperion Common Admin, versions 11.1.2.2, 11.1.2.3 Oracle E-Business Suite Release 11i, 12i Oracle Agile PLM Framework, versions 9.3.1.1, 9.3.3.0 Oracle Agile Product Lifecycle Management for Process, versions 6.0.0.7, 6.1.1.3 Oracle Transportation Management, versions 6.3, 6.3.4 Oracle PeopleSoft Enterprise CS Campus Self Service, version 9.0 Oracle PeopleSoft Enterprise HRMS Talent Acquisition Manager, versions 8.52, 8.53 Oracle PeopleSoft Enterprise PT Tools, versions 8.52, 8.53 Oracle Siebel UI Framework, versions 8.1.1, 8.2.2 Oracle iLearning, versions 6.0, 6.1 Oracle JavaFX, version 2.2.51 Oracle Java SE, versions 5.0u61, 6u71, 7u51, 8 Oracle Java SE Embedded, version 7u51 Oracle JRockit, versions R27.8.1, R28.3.1 Oracle Solaris, versions 9, 10, 11.1 Oracle Secure Global Desktop, versions 4.63, 4.71, 5.0, 5.1 Oracle VM VirtualBox, versions prior to 3.2.22, 4.0.24, 4.1.32, 4.2.24, 4.3.10 Oracle MySQL Server, versions 5.5, 5.6 What can you do? ================ Patches are available in [1]. What to tell your users? ======================== N/A More information ================ [1] http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html Best regards, CERT-EU Team (http://cert.europa.eu) Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383 Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBAgAGBQJTa4kSAAoJEPpzpNLI8SVoQR0P/Rmi6TbGlxz3daJNuO2DPMem 4UV9K032zvVnhK5tZLK8u40oHpuTErbz24FXFhZ5pC9zSoyb43Q6olGlfLTahCoa tReETRb5N+VCuoNQV0z/YcDsgBf96M5bxJKag7mQnJpkxX8qOxo6s2Qj7EvLpJUX 6sQdGesKicJLw33OgcuSusw9SkB7aaPm8PxSlCNakzNyoiR0CSnqctvXIjpoXAwJ ieP7S8SuDRZzE13XoNvpkkyHLj1hgAu7LnJrmnN6/LLpuZuLmydZKHYHWQh9XcAM vddQIg0op3N9HF+XgIGlluYmrDFVaccF95JqWQhU6nQ0y1SIaI3hfku6592C11Oj DUe1TG+CzANiIbI9ibehniTLNlNUoTYS/Q1F4sKkzzHrR9W8u7Jffwt8YFfzyD3R rT66Uo8Pc3R9FGpxQQLyP4/ABilB22I+rh4Bfs2uZDAF5PbwBtHDzrfZDfdTwzj6 hg/IKBz46o6GXxd0wZTeIkRTEdkvSy1vJChZFd9ag0wyH8O1cjBWzLDuCzJhb3YR O4+rYcvYcJbqkDj/hgreOuCm6LsZ8p3aP2sMnJEIVaZPkcMi5rjCihy62461+sPS LMFrAur8NM4Qk32oENdW0rnWk9ph+RcIQjomvq6iuqvAKsw7zbUa9phoH05GVJUZ IKcGUhwAWRGkMV75MTUg =nm3H -----END PGP SIGNATURE-----