Oracle Issued Critical Patch Update (CPU) For 78 Security Holes



As expected Oracle today officially released their January security update. In this critical patch update they have closed 78 security holes.  The company says that these patch day updates address vulnerabilities in "hundreds of Oracle products". 16 of the vulnerabilities patched are remotely exploitable without authentication. Affected products include Oracle Database 10g and 11g, Fusion Middleware 11g, Application Server 10g, Outside In Technology, WebLogic Server, versions 11i and 12 of its E-Business Suite, Oracle Transportation Management, JD Edwards, Sun Ray, VM Virtualbox, Virtual Desktop Infrastructure, MySQL Server, and PeopleSoft Enterprise CRM, HCM and PeopleTools,. A vulnerability in Solaris 9, 10 and 11 Express's TCP/IP is the highest rated of these with a CVSS score of 7.8 out of 10.0.

According to Oracle:- 

Affected Products & Components:-

Security vulnerabilities addressed by this Critical Patch Update affect the products listed in the categories below.  The product area of the patches for the listed versions is shown in the Patch Availability column corresponding to the specified Products and Versions column.   Please click on the link in the Patch Availability column below or in the Patch Availability Table to access the documentation for those patches.
The list of affected product releases and versions that are in Premier Support or Extended Support, under the Oracle Lifetime Support Policyis as follows:
AFFECTED PRODUCTS AND VERSIONSPATCH AVAILABILITY
Oracle Database 11g Release 2, versions 11.2.0.2, 11.2.0.3Database
Oracle Database 11g Release 1, version 11.1.0.7Database
Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5Database
Oracle Database 10g Release 1, version 10.1.0.5Database
Oracle Fusion Middleware 11g Release 1, versions 11.1.1.3.0, 11.1.1.4.0, 11.1.1.5.0Fusion Middleware
Oracle Application Server 10g Release 3, version 10.1.3.5.0Fusion Middleware
Oracle Outside In Technology, versions 8.3.5, 8.3.7Fusion Middleware
Oracle WebLogic Server, versions 9.2.4, 10.0.2, 11gR1 (10.3.3, 10.3.4, 10.3.5)Fusion Middleware
Oracle E-Business Suite Release 12, versions 12.1.2, 12.1.3E-Business Suite
Oracle E-Business Suite Release 11i, version 11.5.10.2E-Business Suite
Oracle Transportation Management, versions 5.5, 6.0, 6.1, 6.2Oracle Supply Chain
Oracle PeopleSoft Enterprise CRM, version 8.9PeopleSoft
Oracle PeopleSoft Enterprise HCM, versions 8.9, 9.0, 9.1PeopleSoft
Oracle PeopleSoft Enterprise PeopleTools, version 8.52PeopleSoft
Oracle JDEdwards, version 8.98JDEdwards
Oracle Sun Product SuiteOracle Sun Product Suite
Oracle VM VirtualBox, version 4.1Oracle Virtualization Product Suite
Oracle Virtual Desktop Infrastructure, version 3.2Oracle Virtualization Product Suite
Oracle MySQL Server, versions 5.0, 5.1, 5.5Oracle MySQL Product Suite


For More Information Click Here