Tuesday, January 20, 2015

Oracle Critical Patch Update Pre-Release Announcement - January 2015

Description

This Critical Patch Update Pre-Release Announcement provides advance information about the Oracle Critical Patch Update for January 2015, which will be released on Tuesday, January 20, 2015.  While this Pre-Release Announcement is as accurate as possible at the time of publication, the information it contains may change before publication of the Critical Patch Update Advisory.

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. This Critical Patch Update contains 167 new security vulnerability fixes across hundreds of Oracle products. Some of the vulnerabilities addressed in this Critical Patch Update affect multiple products.  Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible.

Vulnerabilities fixed by this Critical Patch Update are scored using the standard CVSS 2.0 scoring (see Oracle's Use of CVSS Scoring). The highest CVSS 2.0 Base Score for vulnerabilities in this Critical Patch Update is 10.0, for Fujitsu M10-1, M10-4 and M10-4S Servers of Oracle Sun Systems Products Suite and for Java SE of Oracle Java SE.

Affected Products and Components

Security vulnerabilities addressed by this Critical Patch Update affect the following products:
  • Oracle Database Server, version(s) 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, 12.1.0.2
  • Oracle Fusion Middleware, version(s) 10.1.3.5, 11.1.1.7, 11.1.2.1, 11.1.2.2, 12.1.2, 12.1.3
  • Oracle Fusion Applications, versions 11.1.2 through 11.1.9
  • Oracle Access Manager, version(s) 11.1.1.5, 11.1.1.7, 11.1.2.1, 11.1.2.2
  • Oracle Adaptive Access Manager, version(s) 11.1.1.5, 11.1.1.7, 11.1.2.1, 11.1.2.2
  • Oracle BI Publisher, version(s) 10.1.3.4.2, 11.1.1.7
  • Oracle Business Intelligence Enterprise Edition, version(s) 10.1.3.4.2, 11.1.1.7
  • Oracle Containers for J2EE, version(s) 10.1.3.5
  • Oracle Directory Server Enterprise Edition, version(s) 7.0, 11.1.1.7
  • Oracle Exalogic Infrastructure, version(s) 2.0.6.2.0 (for all X2-2, X3-2, X4-2)
  • Oracle Forms, version(s) 11.1.1.7, 11.1.2.2
  • Oracle GlassFish Server, version(s) 3.0.1, 3.1.2
  • Oracle HTTP Server, version(s) 10.1.3.5.0, 11.1.1.7.0, 12.1.2.0, 12.1.3.0
  • Oracle OpenSSO, version(s) 8.0 Update 2 Patch 5
  • Oracle Real-Time Decision Server, version(s) 11.1.1.7, RTD Platform 3.0.x
  • Oracle Reports Developer, version(s) 11.1.1.7, 11.1.2.2
  • Oracle SOA Suite, version(s) 11.1.1.7
  • Oracle Waveset, version(s) 8.1.1
  • Oracle WebCenter Content, version(s) 11.1.1.8.0
  • Oracle WebLogic Portal, version(s) 10.0.1.0, 10.2.1.0, 10.3.6.0
  • Oracle WebLogic Server, version(s) 10.0.2.0, 10.3.6.0, 12.1.1.0, 12.1.2.0, 12.1.3.0
  • Enterprise Manager Base Platform, version(s) 12.1.0.3, 12.1.0.4
  • Enterprise Manager Ops Center, version(s) 11.1, 11.1.3, 12.1, 12.1.4, 12.2
  • Oracle E-Business Suite, version(s) 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, 12.2.4
  • Oracle Agile PLM, version(s) 9.3.3
  • Oracle Agile PLM for Process, version(s) 6.1.0.3
  • Oracle Transportation Management, version(s) 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5
  • PeopleSoft Enterprise HRMS, version(s) 9.1
  • PeopleSoft Enterprise PeopleTools, version(s) 8.52, 8.53, 8.54
  • JD Edwards EnterpriseOne Tools, version(s) 9.1.5
  • Oracle Enterprise Asset Management, version(s) 8.1.1, 8.2.2
  • Siebel Applications, version(s) 8.1.1, 8.2.2
  • Oracle iLearning, version(s) 6.0, 6.1
  • Oracle Communications Diameter Signaling Router, version(s) 3.x, 4.x, 5.0
  • Oracle Communications Messaging Server, version(s) 7.0.5.33.0 and prior
  • Oracle MICROS Retail, version(s) Xstore: 3.2.1, 3.4.2, 3.5.0, 4.0.1, 4.5.1, 4.8.0, 5.0.3, 5.5.3, 6.0.6, 6.5.2
  • Oracle Healthcare Master Person Index, version(s) 1.x, 2.x
  • Oracle Java SE, version(s) 5.0u75, 6u85, 7u72, 8u25
  • Oracle Java SE Embedded, version(s) 7u71
  • Oracle JRockit, version(s) R27.8.4, R28.3.4
  • Fujitsu M10-1, M10-4, M10-4S Servers, version(s) prior to XCP 2240
  • Integrated Lights Out Manager (ILOM), version(s) prior to 3.2.4
  • Solaris, version(s) 10, 11
  • Solaris Cluster, version(s) 3.3, 4.1
  • SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers, version(s) before XCP 1119
  • Oracle Secure Global Desktop, version(s) 4.63, 4.71, 5.0, 5.1
  • Oracle VM VirtualBox, version(s) prior to 3.2.26, 4.0.28, 4.1.36, 4.2.28, 4.3.20
  • MySQL Server, version(s) 5.5.40 and prior, 5.6.21 and prior 

Executive Summaries

Oracle Database Server Executive Summary

This Critical Patch Update contains 7 new security fixes for the Oracle Database Server.  None of these vulnerabilities may be remotely exploitable without authentication, i.e., none may be exploited over a network without the need for a username and password.  None of these fixes are applicable to client-only installations, i.e., installations that do not have the Oracle Database Server installed.

The highest CVSS Base Score of vulnerabilities affecting Oracle Database Server is 9.0.
The Oracle Database Server components affected by vulnerabilities that are fixed in this Critical Patch Update are:
  • Core RDBMS
  • DBMS_UTILITY
  • PL/SQL
  • Recovery
  • Workspace Manager
  • XML Developer's Kit for C 

Oracle Fusion Middleware Executive Summary 

This Critical Patch Update contains 35 new security fixes for Oracle Fusion Middleware.  28 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.
The highest CVSS Base Score of vulnerabilities affecting Oracle Fusion Middleware is 9.3.
The Oracle Fusion Middleware components affected by vulnerabilities that are fixed in this Critical Patch Update are:
  • BI Publisher (formerly XML Publisher)
  • Oracle Access Manager
  • Oracle Adaptive Access Manager
  • Oracle Business Intelligence Enterprise Edition
  • Oracle Containers for J2EE
  • Oracle Directory Server Enterprise Edition
  • Oracle Exalogic Infrastructure
  • Oracle Forms
  • Oracle GlassFish Server
  • Oracle HTTP Server
  • Oracle OpenSSO
  • Oracle Real-Time Decision Server
  • Oracle Reports Developer
  • Oracle Security Service
  • Oracle SOA Suite
  • Oracle Waveset
  • Oracle WebCenter Content
  • Oracle WebLogic Portal
  • Oracle WebLogic Server 

Oracle Enterprise Manager Grid Control Executive Summary 

This Critical Patch Update contains 10 new security fixes for Oracle Enterprise Manager Grid Control.  All of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.  None of these fixes are applicable to client-only installations, i.e., installations that do not have Oracle Enterprise Manager Grid Control installed.
The highest CVSS Base Score of vulnerabilities affecting Oracle Enterprise Manager Grid Control is 7.5.
The Oracle Enterprise Manager Grid Control components affected by vulnerabilities that are fixed in this Critical Patch Update are:
  • Enterprise Manager Base Platform
  • Enterprise Manager Ops Center 

Oracle E-Business Suite Executive Summary 

This Critical Patch Update contains 10 new security fixes for the Oracle E-Business Suite.  6 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.
The highest CVSS Base Score of vulnerabilities affecting Oracle E-Business Suite is 6.4.
The Oracle E-Business Suite components affected by vulnerabilities that are fixed in this Critical Patch Update are:
  • Oracle Application Object Library
  • Oracle Applications DBA
  • Oracle Applications Framework
  • Oracle Customer Intelligence
  • Oracle Customer Interaction History
  • Oracle HCM Configuration Workbench
  • Oracle Marketing
  • Oracle Telecommunications Billing Integrator
  • Oracle Web Applications Desktop Integrator 

Oracle Supply Chain Products Suite Executive Summary 

This Critical Patch Update contains 6 new security fixes for the Oracle Supply Chain Products Suite.  3 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.
The highest CVSS Base Score of vulnerabilities affecting Oracle Supply Chain Products Suite is 6.8.
The Oracle Supply Chain Products Suite components affected by vulnerabilities that are fixed in this Critical Patch Update are:
  • Oracle Agile PLM
  • Oracle Agile PLM for Process
  • Oracle Transportation Management 

Oracle PeopleSoft Products Executive Summary 

This Critical Patch Update contains 7 new security fixes for Oracle PeopleSoft Products.  1 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.
The highest CVSS Base Score of vulnerabilities affecting Oracle PeopleSoft Products is 5.5.
The Oracle PeopleSoft Products components affected by vulnerabilities that are fixed in this Critical Patch Update are:
  • PeopleSoft Enterprise HRMS
  • PeopleSoft Enterprise PeopleTools 

Oracle JD Edwards Products Executive Summary

This Critical Patch Update contains 1 new security fix for Oracle JD Edwards Products.  This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.
The highest CVSS Base Score of vulnerabilities affecting Oracle JD Edwards Products is 7.5.
The Oracle JD Edwards Products components affected by vulnerabilities that are fixed in this Critical Patch Update are:
  • JD Edwards EnterpriseOne Tools 

Oracle Siebel CRM Executive Summary

This Critical Patch Update contains 17 new security fixes for Oracle Siebel CRM.  7 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.
The highest CVSS Base Score of vulnerabilities affecting Oracle Siebel CRM is 5.0.
The Oracle Siebel CRM components affected by vulnerabilities that are fixed in this Critical Patch Update are:
  • Oracle Enterprise Asset Management
  • Siebel Core - Common Components
  • Siebel Core - EAI
  • Siebel Core - Server BizLogic Script
  • Siebel Core - Server Infrastructure
  • Siebel Core - Server OM Services
  • Siebel Core - System Management
  • Siebel Core EAI
  • Siebel Life Sciences
  • Siebel Public Sector
  • Siebel UI Framework

Oracle iLearning Executive Summary

This Critical Patch Update contains 2 new security fixes for Oracle iLearning.  Both of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.
The highest CVSS Base Score of vulnerabilities affecting Oracle iLearning is 4.3.
The Oracle iLearning components affected by vulnerabilities that are fixed in this Critical Patch Update are:
  • Oracle iLearning 

Oracle Communications Applications Executive Summary

This Critical Patch Update contains 2 new security fixes for Oracle Communications Applications.  Both of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.
The highest CVSS Base Score of vulnerabilities affecting Oracle Communications Applications is 7.6.
The Oracle Communications Applications components affected by vulnerabilities that are fixed in this Critical Patch Update are:
  • Oracle Communications Diameter Signaling Router
  • Oracle Communications Messaging Server

Oracle Retail Applications Executive Summary

This Critical Patch Update contains 1 new security fix for Oracle Retail Applications.  This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.
The highest CVSS Base Score of vulnerabilities affecting Oracle Retail Applications is 6.8.
The Oracle Retail Applications components affected by vulnerabilities that are fixed in this Critical Patch Update are:
  • MICROS Retail

Oracle Health Sciences Applications Executive Summary

This Critical Patch Update contains 1 new security fix for Oracle Health Sciences Applications.  This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.
The highest CVSS Base Score of vulnerabilities affecting Oracle Health Sciences Applications is 7.5.
The Oracle Health Sciences Applications components affected by vulnerabilities that are fixed in this Critical Patch Update are:
  • Oracle Healthcare Master Person Index

Oracle Java SE Executive Summary

This Critical Patch Update contains 19 new security fixes for Oracle Java SE.  14 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.
The highest CVSS Base Score of vulnerabilities affecting Oracle Java SE is 10.0.
The Oracle Java SE components affected by vulnerabilities that are fixed in this Critical Patch Update are:
  • Java SE
  • Java SE Embedded
  • JRockit

Oracle Sun Systems Products Suite Executive Summary

This Critical Patch Update contains 29 new security fixes for the Oracle Sun Systems Products Suite.  10 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.
The highest CVSS Base Score of vulnerabilities affecting Oracle Sun Systems Products Suite is 10.0.
The Oracle Sun Systems Products Suite components affected by vulnerabilities that are fixed in this Critical Patch Update are:
  • Fujitsu M10-1, M10-4, M10-4S Servers
  • Integrated Lights Out Manager (ILOM)
  • Solaris
  • Solaris Cluster
  • SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers

Oracle Virtualization Executive Summary

This Critical Patch Update contains 11 new security fixes for Oracle Virtualization.  4 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.
The highest CVSS Base Score of vulnerabilities affecting Oracle Virtualization is 7.1.
The Oracle Virtualization components affected by vulnerabilities that are fixed in this Critical Patch Update are:
  • Oracle Secure Global Desktop
  • Oracle VM VirtualBox

Oracle MySQL Executive Summary

This Critical Patch Update contains 9 new security fixes for Oracle MySQL.  3 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.
The highest CVSS Base Score of vulnerabilities affecting Oracle MySQL is 7.5.
The Oracle MySQL components affected by vulnerabilities that are fixed in this Critical Patch Update are:
  • MySQL Server
