Oracle to release 88 critical fixes next week


Oracle Critical Patch Update Pre-Release Announcement – July 2012

Description

This Critical Patch Update Pre-Release Announcement provides advance information about the Oracle Critical Patch Update for July 2012, which will be released on Tuesday, July 17, 2012.  While this Pre-Release Announcement is as accurate as possible at the time of publication, the information it contains may change before publication of the Critical Patch Update Advisory.

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. This Critical Patch Update contains 88 new security vulnerability fixes across hundreds of Oracle products. Some of the vulnerabilities addressed in this Critical Patch Update affect multiple products.  Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible.

Vulnerabilities fixed by Critical Patch Updates are scored using the standard CVSS 2.0 scoring (see Oracle’s Use of CVSS Scoring). The highest CVSS 2.0 Base Score for vulnerabilities in this Critical Patch Update is 10.0 for Oracle JRockit of Oracle Fusion Middleware.

Affected Products and Components

Security vulnerabilities addressed by this Critical Patch Update affect the following products:

  • Oracle Database 11g Release 2, versions 11.2.0.2, 11.2.0.3
  • Oracle Database 11g Release 1, version 11.1.0.7
  • Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5
  • Oracle Secure Backup, versions 10.3.0.3, 10.4.0.1
  • Oracle Fusion Middleware 11g Release 2, version 11.1.2.0
  • Oracle Fusion Middleware 11g Release 1, versions 11.1.1.5, 11.1.1.6
  • Oracle Application Server 10g Release 3, version 10.1.3.5
  • Oracle Identity Management 10g, version 10.1.4.3
  • Hyperion BI+, version 11.1.1.x
  • Oracle JRockit, versions R28.2.3 and earlier, R27.7.2 and earlier
  • Oracle Map Viewer, versions 10.1.3.1, 11.1.1.5, 11.1.1.6
  • Oracle Outside In Technology, versions 8.3.5, 8.3.7
  • Enterprise Manager Plugin for Database 12c Release 1, versions 12.1.0.1, 12.1.0.2
  • Enterprise Manager Grid Control 11g Release 1, version 11.1.0.1
  • Enterprise Manager Grid Control 10g Release 1, version 10.2.0.5
  • Oracle E-Business Suite Release 12, versions 12.0.4, 12.0.6, 12.1.1, 12.1.2, 12.1.3
  • Oracle E-Business Suite Release 11i, version 11.5.10.2
  • Oracle Transportation Management, versions 5.5.06, 6.0, 6.1, 6.2
  • Oracle AutoVue, versions 20.0.2, 20.1
  • Oracle PeopleSoft Enterprise HRMS, versions 9.0, 9.1
  • Oracle PeopleSoft Enterprise PeopleTools, versions 8.50, 8.51, 8.52
  • Oracle Siebel CRM, versions 8.1.1, 8.2.2
  • Oracle Clinical Remote Data Capture Option, versions 4.6, 4.6.2, 4.6.3
  • Oracle Sun Product Suite
  • Oracle MySQL Server, versions 5.1, 5.5

 

Oracle Database Server Executive Summary

This Critical Patch Update contains 4 new security fixes for the Oracle Database Server.  3 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.  None of these fixes are applicable to client-only installations, i.e., installations that do not have the Oracle Database Server installed.

The highest CVSS Base Score of vulnerabilities affecting Oracle Database Server is 5.0

The Oracle Database Server components affected by vulnerabilities that are fixed in this Critical Patch Update are:

  • Core RDBMS
  • Network Layer

Oracle Application Express Listener Executive Summary

 

This Critical Patch Update contains 1 new security fix for Oracle Application Express Listener.  This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

The highest CVSS Base Score of vulnerabilities affecting Oracle Application Express Listener is 7.8

The Oracle Application Express Listener components affected by vulnerabilities that are fixed in this Critical Patch Update are:

  • Oracle Application Express Listener

Oracle Secure Backup Executive Summary

 

This Critical Patch Update contains 2 new security fixes for Oracle Secure Backup.  Both of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

The highest CVSS Base Score of vulnerabilities affecting Oracle Secure Backup is 7.8

The Oracle Secure Backup components affected by vulnerabilities that are fixed in this Critical Patch Update are:

  • Apache
  • PHP

Oracle Fusion Middleware Executive Summary

 

This Critical Patch Update contains 22 new security fixes for Oracle Fusion Middleware.  8 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

The highest CVSS Base Score of vulnerabilities affecting Oracle Fusion Middleware is 10.0

The Oracle Fusion Middleware components affected by vulnerabilities that are fixed in this Critical Patch Update are:

  • Enterprise Manager for Fusion Middleware
  • Oracle HTTP Server
  • Oracle JRockit
  • Oracle MapViewer
  • Oracle Outside In Technology
  • Portal

Oracle Hyperion Executive Summary

 

This Critical Patch Update contains 1 new security fix for Oracle Hyperion.  This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

The highest CVSS Base Score of vulnerabilities affecting Oracle Hyperion is 4.3

The Oracle Hyperion components affected by vulnerabilities that are fixed in this Critical Patch Update are:

  • Hyperion BI+

Oracle Enterprise Manager Grid Control Executive Summary

 

This Critical Patch Update contains 1 new security fix for Oracle Enterprise Manager Grid Control.  This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.  This fix is not applicable to client-only installations, i.e., installations that do not have Oracle Enterprise Manager Grid Control installed.

The highest CVSS Base Score of vulnerabilities affecting Oracle Enterprise Manager Grid Control is 6.8

The Oracle Enterprise Manager Grid Control components affected by vulnerabilities that are fixed in this Critical Patch Update are:

  • Enterprise Manager for Oracle Database

Oracle E-Business Suite Executive Summary

 

This Critical Patch Update contains 4 new security fixes for the Oracle E-Business Suite.  2 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

The highest CVSS Base Score of vulnerabilities affecting Oracle E-Business Suite is 4.3

The Oracle E-Business Suite components affected by vulnerabilities that are fixed in this Critical Patch Update are:

  • Oracle Application Object Library
  • Oracle E-Business Intelligence

Oracle Supply Chain Products Suite Executive Summary

 

This Critical Patch Update contains 5 new security fixes for the Oracle Supply Chain Products Suite.  1 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

The highest CVSS Base Score of vulnerabilities affecting Oracle Supply Chain Products Suite is 4.3

The Oracle Supply Chain Products Suite components affected by vulnerabilities that are fixed in this Critical Patch Update are:

  • Oracle AutoVue
  • Oracle Transportation Management

Oracle PeopleSoft Products Executive Summary

 

This Critical Patch Update contains 9 new security fixes for Oracle PeopleSoft Products.  None of these vulnerabilities may be remotely exploitable without authentication, i.e., none may be exploited over a network without the need for a username and password.

The highest CVSS Base Score of vulnerabilities affecting Oracle PeopleSoft Products is 5.5

The Oracle PeopleSoft Products components affected by vulnerabilities that are fixed in this Critical Patch Update are:

  • PeopleSoft Enterprise HRMS
  • PeopleSoft Enterprise PeopleTools

Oracle Siebel CRM Executive Summary

 

This Critical Patch Update contains 7 new security fixes for Oracle Siebel CRM.  2 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

The highest CVSS Base Score of vulnerabilities affecting Oracle Siebel CRM is 6.8

The Oracle Siebel CRM components affected by vulnerabilities that are fixed in this Critical Patch Update are:

  • Siebel CRM

Oracle Industry Applications Executive Summary

 

This Critical Patch Update contains 1 new security fix for Oracle Industry Applications.  This vulnerability is not remotely exploitable without authentication, i.e., may not be exploited over a network without the need for a username and password.

The highest CVSS Base Score of vulnerabilities affecting Oracle Industry Applications is 2.8

The Oracle Industry Applications components affected by vulnerabilities that are fixed in this Critical Patch Update are:

  • Oracle Clinical Remote Data Capture Option

Oracle Sun Products Suite Executive Summary

 

This Critical Patch Update contains 25 new security fixes for the Oracle Sun Products Suite.  17 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

The highest CVSS Base Score of vulnerabilities affecting Oracle Sun Products Suite is 7.8

The Oracle Sun Products Suite components affected by vulnerabilities that are fixed in this Critical Patch Update are:

  • GlassFish Enterprise Server
  • Oracle iPlanet Web Server
  • Solaris
  • Solaris Cluster
  • SPARC T-Series Servers

Oracle MySQL Executive Summary

 

This Critical Patch Update contains 6 new security fixes for Oracle MySQL.  None of these vulnerabilities may be remotely exploitable without authentication, i.e., none may be exploited over a network without the need for a username and password.

The highest CVSS Base Score of vulnerabilities affecting Oracle MySQL is 6.8

The Oracle MySQL components affected by vulnerabilities that are fixed in this Critical Patch Update are:

  • MySQL Server