Oracle | Hyperion Products
Oracle Critical Patch Update Advisory – October 2016
Essential Oracle | Hyperion Products Affected:
- Oracle Database Server, version(s) 18.104.22.168, 22.214.171.124
- Oracle BI Publisher, version(s) 126.96.36.199.0, 188.8.131.52.0, 184.108.40.206.0
- Oracle Business Intelligence Enterprise Edition, version(s) 220.127.116.11.0, 18.104.22.168.0, 22.214.171.124.0, 126.96.36.199.0
- Oracle Data Integrator, version(s) 188.8.131.52.0, 184.108.40.206.0, 220.127.116.11.0, 18.104.22.168.0, 22.214.171.124.0. 126.96.36.199.0
- Oracle Fusion Middleware, version(s) 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52
- Oracle Java SE, version(s) 6u121, 7u111, 8u102
- Oracle Java SE Embedded, version(s) 8u101
- MySQL Server, version(s) 5.5.52 and prior, 5.6.33 and prior, 5.7.15 and prior
Essential Oracle | Hyperion Related Products Affected:
- Enterprise Manager, versions(s) 12.1.4, 12.2.2, 12.3.2
- Enterprise Manager Base Platform, version(s) 184.108.40.206
- Oracle E-Business Suite, version(s) 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6
- Oracle Fusion Applications, version(s) 11.1.2 through 11.1.9
Patch Availability Document: https://support.oracle.com/epmos/faces/SearchDocDisplay?_adf.ctrl-state=zk5cb3lmn_4&_afrLoop=405226401964509#REF_PURPOSE Please note that Oracle Account sign in is required to view the Oracle support documents including installation documentation.
This Critical Patch Update (CPU) fixes a total of 253 security related flaws across the variety of Oracle Products. Of note, Java requires patching on the individual domains. Beyond Java, no individual domain patching is required.
There are a total of 43 database related issues fixed. MySQL had 31 and Oracle database server with 12. If your MySQL databases are accessible through the internet, we suggest that a DBA from your team review the alert.
Seven security updates were applied to Java specifically. As these vulnerabilities are remotely exploitable, these should be treated as high priority, particularly for Windows users, as Java is typically run with administrative privileges.
With regards to web servers, a variety of Fusion Middleware vulnerabilities have been addressed. 19 of these can be compromised remotely, allowing exploiters full access to the victim’s machine.
Among Communications and Financial applications, 60 vulnerabilities were fixed.
Oracle strongly recommends applying the patches as soon as possible. Should you have any questions on this matter, please do not hesitate to email us at firstname.lastname@example.org. Oracle’s next Critical Patch Update is scheduled for January 17th.