Articles in this section

See more

Oracle Critical Patch Update for April 2017

Avatar
William Sidgwick
Updated
Follow

Oracle | Hyperion Products

Oracle Critical Patch Update Advisory – April 2017

Link to Update: http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

Essential Oracle | Hyperion Products Affected:

  • Oracle Database Server, version(s) 11.2.0.4, 12.1.0.2
  • Oracle Java SE, version(s) 6u141, 7u131, 8u121
  • Oracle Java SE Embedded, version(s) 8u121
  • Oracle JRockit, version(s) R28.3.13
  • Oracle WebLogic Server, version(s) 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1, 12.2.1.2
  • Oracle Hyperion Essbase, version(s) 11.1.2.2 

Essential Oracle | Hyperion Related Products Affected:

  • Enterprise Manager Base Platform, version(s) 12.1.0, 13.1.0, 13.2.0
  • Oracle E-Business Suite, version(s) 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6
  • Oracle Fusion Middleware, version(s) 11.1.1.7, 11.1.1.9, 11.1.2.2, 11.1.2.3, 12.1.3.0, 12.2.1.0, 12.2.1.1
  • Oracle Fusion Applications, version(s) 11.1.2 through 11.1.9
  • MySQL Server, version(s) 5.5.54 and prior, 5.6.35 and prior, 5.7.17 and prior, 5.7.11 to 5.7.17 

Patch Availability Documenthttps://support.oracle.com/rs?type=doc&id=2228898.1

Please note that an Oracle Account sign in is required to view the Oracle support documents, including installation documentation. 

Assessment:

This Critical Patch Update (CPU) contains a total of 300 security related fixes across a variety of Oracle Products. This is the largest patch update released by Oracle, the second largest being the July 2016 CPU (https://goalgetters.zendesk.com/hc/en-us/articles/215792203-Oracle-Critical-Patch-Update-for-July-2016) which patched 276 vulnerabilities. Of note, the April 2017 CPU provides 40 new fixes for Oracle MySQL. If exploited, many of these bugs could lead to the theft of key business data, or the manipulation of critical information. Please review the risk matrices to determine the applicability of these fixes in your applications. (https://www.oracle.com/technetwork/topics/security/cpuapr2017verbose-3236619.html)

Also of note, 31 fixes for Oracle Fusion Middleware and 11 fixes for Oracle E-Business Suite were released. Many of these vulnerabilities received a CVSS rating (https://www.oracle.com/technetwork/topics/security/cvssscoringsystem-091884.html) of 8.0 and up.

Oracle strongly recommends applying the patches as soon as possible. Should you have any questions on this matter, please do not hesitate to email us at support@goalgetters.com. Oracle’s next Critical Patch Update is scheduled for July 18th.

 

Comments

0 comments

Please sign in to leave a comment.