Articles in this section

See more

Oracle Critical Patch Update for October 2016

Avatar
Maris Jansons
Updated
Follow

Oracle | Hyperion Products

Oracle Critical Patch Update Advisory – October 2016

Link to Update: http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   

Essential Oracle | Hyperion Products Affected:

  • Oracle Database Server, version(s) 11.2.0.4, 12.1.0.2
  • Oracle BI Publisher, version(s) 11.1.1.7.0, 11.1.1.9.0, 12.2.1.0.0
  • Oracle Business Intelligence Enterprise Edition, version(s) 11.1.1.7.0, 11.1.1.9.0, 12.1.1.0.0, 12.2.1.1.0
  • Oracle Data Integrator, version(s) 11.1.1.7.0, 11.1.1.9.0, 12.1.2.0.0, 12.1.3.0.0, 12.2.1.0.0. 12.2.1.1.0
  • Oracle Fusion Middleware, version(s) 11.1.1.7, 11.1.1.9, 11.1.2.3, 11.1.2.4, 12.1.3.0, 11.2.1.0, 12.2.1.1
  • Oracle Java SE, version(s) 6u121, 7u111, 8u102
  • Oracle Java SE Embedded, version(s) 8u101
  • MySQL Server, version(s) 5.5.52 and prior, 5.6.33 and prior, 5.7.15 and prior

Essential Oracle | Hyperion Related Products Affected:

  • Enterprise Manager, versions(s) 12.1.4, 12.2.2, 12.3.2
  • Enterprise Manager Base Platform, version(s) 12.1.0.5
  • Oracle E-Business Suite, version(s) 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6
  • Oracle Fusion Applications, version(s) 11.1.2 through 11.1.9

Patch Availability Document: https://support.oracle.com/epmos/faces/SearchDocDisplay?_adf.ctrl-state=zk5cb3lmn_4&_afrLoop=405226401964509#REF_PURPOSE  Please note that Oracle Account sign in is required to view the Oracle support documents including installation documentation.

Assessment:

This Critical Patch Update (CPU) fixes a total of 253 security related flaws across the variety of Oracle Products. Of note, Java requires patching on the individual domains. Beyond Java, no individual domain patching is required.

There are a total of 43 database related issues fixed. MySQL had 31 and Oracle database server with 12. If your MySQL databases are accessible through the internet, we suggest that a DBA from your team review the alert.

Seven security updates were applied to Java specifically. As these vulnerabilities are remotely exploitable, these should be treated as high priority, particularly for Windows users, as Java is typically run with administrative privileges.

With regards to web servers, a variety of Fusion Middleware vulnerabilities have been addressed. 19 of these can be compromised remotely, allowing exploiters full access to the victim’s machine.

Among Communications and Financial applications, 60 vulnerabilities were fixed.

Oracle strongly recommends applying the patches as soon as possible. Should you have any questions on this matter, please do not hesitate to email us at support@goalgetters.com. Oracle’s next Critical Patch Update is scheduled for January 17th.

Comments

0 comments

Article is closed for comments.