Oracle | Hyperion Products
Oracle Critical Patch Update Advisory – January 2017
Essential Oracle | Hyperion Products Affected:
- Oracle Database Server, version(s) 18.104.22.168, 22.214.171.124
- Oracle Java SE, version(s) 6u131, 7u121, 8u112
- Oracle Java SE Embedded, version(s) 8u111
- Oracle JRockit, version(s) R28.3.12
- Oracle WebLogic Server, version(s) 10.3.6.0, 126.96.36.199, 188.8.131.52, 184.108.40.206
Essential Oracle | Hyperion Related Products Affected:
- Enterprise Manager Base Platform, version(s) 220.127.116.11, 13.1, 13.2
- Oracle E-Business Suite, version(s) 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6
- Oracle Fusion Middleware, version(s) 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168
- Oracle Fusion Applications, version(s) 11.1.2 through 11.1.9
- MySQL Server, version(s) 5.5.53 and prior, 5.6.34 and prior, 5.7.16 and prior
Patch Availability Document: https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=2220314.1. Please note that an Oracle Account sign in is required to view the Oracle support documents, including installation documentation.
This Critical Patch Update (CPU) fixes a total of 270 security related flaws across a variety of Oracle Products. This is the second largest patch update released by Oracle, the largest being the July 2016 CPU (https://goalgetters.zendesk.com/hc/en-us/articles/215792203-Oracle-Critical-Patch-Update-for-July-2016) which patched 276 vulnerabilities. Of note, the January 2017 CPU provides 121 new fixes for Oracle E-Business Suite (EBS). If exploited, many of these bugs could lead to the theft of key business data, or the manipulation of critical information. Please review the risk matrices to determine the applicability of these fixes in your applications. (http://www.oracle.com/technetwork/security-advisory/cpujan2017verbose-2881728.html#EBS)
Also of note, 16 fixes for both Java SE and Fusion Middleware were released. Many of these vulnerabilities received a CVSS rating (https://www.oracle.com/technetwork/topics/security/cvssscoringsystem-091884.html) of 9.0 and up and should be prioritized. Also resolved this CPU, was a critical vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware - CVE-2017-3248, which received a rating of 9.8. Many of the 27 MySQL fixes that were released received ratings below 6.5.
Oracle strongly recommends applying the patches as soon as possible. Should you have any questions on this matter, please do not hesitate to email us at firstname.lastname@example.org. Oracle’s next Critical Patch Update is scheduled for April 18th.