Oracle Issued Critical Patch Update (CPU) For 78 Security Holes
As expected Oracle today officially released their January security update. In this critical patch update they have closed 78 security holes. The company says that these patch day updates address vulnerabilities in "hundreds of Oracle products". 16 of the vulnerabilities patched are remotely exploitable without authentication. Affected products include Oracle Database 10g and 11g, Fusion Middleware 11g, Application Server 10g, Outside In Technology, WebLogic Server, versions 11i and 12 of its E-Business Suite, Oracle Transportation Management, JD Edwards, Sun Ray, VM Virtualbox, Virtual Desktop Infrastructure, MySQL Server, and PeopleSoft Enterprise CRM, HCM and PeopleTools,. A vulnerability in Solaris 9, 10 and 11 Express's TCP/IP is the highest rated of these with a CVSS score of 7.8 out of 10.0.
According to Oracle:-
Affected Products & Components:-
Security vulnerabilities addressed by this Critical Patch Update affect the products listed in the categories below. The product area of the patches for the listed versions is shown in the Patch Availability column corresponding to the specified Products and Versions column. Please click on the link in the Patch Availability column below or in the Patch Availability Table to access the documentation for those patches.
The list of affected product releases and versions that are in Premier Support or Extended Support, under the Oracle Lifetime Support Policyis as follows:
AFFECTED PRODUCTS AND VERSIONS | PATCH AVAILABILITY |
---|---|
Oracle Database 11g Release 2, versions 11.2.0.2, 11.2.0.3 | Database |
Oracle Database 11g Release 1, version 11.1.0.7 | Database |
Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5 | Database |
Oracle Database 10g Release 1, version 10.1.0.5 | Database |
Oracle Fusion Middleware 11g Release 1, versions 11.1.1.3.0, 11.1.1.4.0, 11.1.1.5.0 | Fusion Middleware |
Oracle Application Server 10g Release 3, version 10.1.3.5.0 | Fusion Middleware |
Oracle Outside In Technology, versions 8.3.5, 8.3.7 | Fusion Middleware |
Oracle WebLogic Server, versions 9.2.4, 10.0.2, 11gR1 (10.3.3, 10.3.4, 10.3.5) | Fusion Middleware |
Oracle E-Business Suite Release 12, versions 12.1.2, 12.1.3 | E-Business Suite |
Oracle E-Business Suite Release 11i, version 11.5.10.2 | E-Business Suite |
Oracle Transportation Management, versions 5.5, 6.0, 6.1, 6.2 | Oracle Supply Chain |
Oracle PeopleSoft Enterprise CRM, version 8.9 | PeopleSoft |
Oracle PeopleSoft Enterprise HCM, versions 8.9, 9.0, 9.1 | PeopleSoft |
Oracle PeopleSoft Enterprise PeopleTools, version 8.52 | PeopleSoft |
Oracle JDEdwards, version 8.98 | JDEdwards |
Oracle Sun Product Suite | Oracle Sun Product Suite |
Oracle VM VirtualBox, version 4.1 | Oracle Virtualization Product Suite |
Oracle Virtual Desktop Infrastructure, version 3.2 | Oracle Virtualization Product Suite |
Oracle MySQL Server, versions 5.0, 5.1, 5.5 | Oracle MySQL Product Suite |
For More Information Click Here