Oracle Critical Patch Update for April 2016

Oracle | Hyperion Products

Oracle Critical Patch Update Advisory – April 2016

Link to Update: http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

Essential Oracle | Hyperion Products Affected:

• Oracle Database Server, version(s) 11.2.0.4, 12.1.0.1, 12.1.0.2
• Oracle BI Publisher, version(s) 12.2.1.0.0
• Oracle Business Intelligence Enterprise Edition, version(s) 11.1.1.7.0, 11.1.1.9.0, 12.2.1.0.0
• Oracle WebLogic Server, version(s) 10.3.6, 12.1.2, 12.1.3, 12.2.1
• Oracle Java SE, version(s) 6u113, 7u99, 8u77
• Oracle Java SE Embedded, version(s) 8u77
• Oracle JRockit, version(s) R28.3.9
• MySQL Server, version(s) 5.5.48 and prior, 5.6.29 and prior, 5.7.11 and prior

Patch Availability Document: https://support.oracle.com/rs?type=doc&id=2031792.1 Please note that Oracle Account sign in is required to view the Oracle support documents including installation documentation.

Assessment:

This Critical Patch Update (CPU) fixes nine Java SE vulnerabilities. The three most critical (CVE-2016-3443, CVE-2016-0687, and CVE-2016-0686) apply to client deployments of Java, while one critical vulnerability (CVE-2016-3449) applies to server deployments of Java.

Two MySQL vulnerabilities are rated critical (CVE-2016-0705 and CVE-2016-0639). If your MySQL databases are accessible through the internet, we suggest that a DBA from your team review the alert.

It is recommended that these Java SE and MySQL vulnerabilities be updated this cycle, as they stand the highest chance of being exploited. Oracle is also encouraging users, if they haven’t done so already, to apply last month’s emergency alert released for Java SE that fixed an issue that was improperly patched in 2013.

Oracle strongly recommends applying the patches as soon as possible. Should you have any questions on this matter, please do not hesitate to email us at support@goalgetters.com. Oracle’s next Critical Patch Update is scheduled for July 19.