Oracle Critical Patch Update Pre-Release Announcement - April 2014


Description

This Critical Patch Update Pre-Release Announcement provides advance information about the Oracle Critical Patch Update for April 2014, which will be released on Tuesday, April 15, 2014. While this Pre-Release Announcement is as accurate as possible at the time of publication, the information it contains may change before publication of the Critical Patch Update Advisory.

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. This Critical Patch Update contains 103 new security vulnerability fixes across hundreds of Oracle products. Some of the vulnerabilities addressed in this Critical Patch Update affect multiple products. Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible.

Vulnerabilities fixed by this Critical Patch Update are scored using the standard CVSS 2.0 scoring (see Oracle's Use of CVSS Scoring). The highest CVSS 2.0 Base Score for vulnerabilities in this Critical Patch Update is 10.0 for Java SE Embedded of Oracle Java SE, Java SE of Oracle Java SE, JavaFX of Oracle Java SE and JRockit of Oracle Java SE.

Affected Products and Components

Security vulnerabilities addressed by this Critical Patch Update affect the following products:

  • Oracle Database 11g Release 1, version 11.1.0.7
  • Oracle Database 11g Release 2, versions 11.2.0.3, 11.2.0.4
  • Oracle Database 12c Release 1, version 12.1.0.1
  • Oracle Fusion Middleware 11g Release 1, versions 11.1.1.7, 11.1.1.8
  • Oracle Fusion Middleware 12c Release 1, versions 12.1.1.0, 12.1.2.0
  • Oracle Fusion Applications, versions 11.1.2 through 11.1.8
  • Oracle Access Manager, versions 10.1.4.3, 11.1.1.3.0, 11.1.1.5.0, 11.1.1.7.0, 11.1.2.0.0, 11.1.2.1.0, 11.1.2.2.0
  • Oracle Containers for J2EE, version 10.1.3.5
  • Oracle Data Integrator, version 11.1.1.3
  • Oracle Endeca Server, version 2.2.2
  • Oracle Event Processing, version 11.1.1.7.0
  • Oracle Identity Analytics, version 11.1.1.5, Sun Role Manager, version 5.0
  • Oracle OpenSSO, version 8.0 Update 2 Patch 5
  • Oracle OpenSSO Policy Agent, version 3.0-03
  • Oracle WebCenter Portal, versions 11.1.1.7, 11.1.1.8
  • Oracle WebLogic Server, versions 10.0.2.0, 10.3.6.0, 12.1.1.0, 12.1.2.0
  • Oracle Hyperion Common Admin, versions 11.1.2.2, 11.1.2.3
  • Oracle E-Business Suite Release 11i, 12i
  • Oracle Agile PLM Framework, versions 9.3.1.1, 9.3.3.0
  • Oracle Agile Product Lifecycle Management for Process, versions 6.0.0.7, 6.1.1.3
  • Oracle Transportation Management, versions 6.3, 6.3.4
  • Oracle PeopleSoft Enterprise CS Campus Self Service, version 9.0
  • Oracle PeopleSoft Enterprise HRMS Talent Acquisition Manager, versions 8.52, 8.53
  • Oracle PeopleSoft Enterprise PT Tools, versions 8.52, 8.53
  • Oracle Siebel UI Framework, version 8.1.1.10
  • Oracle JavaFX, version 2.2.51
  • Oracle Java SE, versions 5.0u61, 6u71, 7u51, 8
  • Oracle Java SE Embedded, version 7u51
  • Oracle JRockit, versions R27.8.1, R28.3.1
  • Oracle Solaris, versions 9, 10, 11.1
  • Oracle Secure Global Desktop, versions 4.63, 4.71, 5.0, 5.1
  • Oracle VM VirtualBox, versions prior to 3.2.22, 4.0.24, 4.1.32, 4.2.24, 4.3.10
  • Oracle MySQL Server, versions 5.5, 5.6

Executive Summaries

Oracle Database Server Executive Summary

This Critical Patch Update contains 2 new security fixes for the Oracle Database Server. Neither of these vulnerabilities may be remotely exploitable without authentication, i.e., neither may be exploited over a network without the need for a username and password. None of these fixes are applicable to client-only installations, i.e., installations that do not have the Oracle Database Server installed.

The highest CVSS Base Score of vulnerabilities affecting Oracle Database Server is 8.5.

The Oracle Database Server components affected by vulnerabilities that are fixed in this Critical Patch Update are:

  • Core RDBMS

Oracle Fusion Middleware Executive Summary

This Critical Patch Update contains 20 new security fixes for Oracle Fusion Middleware. 13 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

The highest CVSS Base Score of vulnerabilities affecting Oracle Fusion Middleware is 7.5.

The Oracle Fusion Middleware components affected by vulnerabilities that are fixed in this Critical Patch Update are:

  • Oracle Access Manager
  • Oracle Containers for J2EE
  • Oracle Data Integrator
  • Oracle Endeca Server
  • Oracle Event Processing
  • Oracle Identity Analytics
  • Oracle OpenSSO
  • Oracle WebCenter Portal
  • Oracle WebLogic Server

Oracle Hyperion Executive Summary

This Critical Patch Update contains 3 new security fixes for Oracle Hyperion. 2 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

The highest CVSS Base Score of vulnerabilities affecting Oracle Hyperion is 6.0.

The Oracle Hyperion components affected by vulnerabilities that are fixed in this Critical Patch Update are:

  • Hyperion Common Admin

Oracle Supply Chain Products Suite Executive Summary

This Critical Patch Update contains 10 new security fixes for the Oracle Supply Chain Products Suite. 3 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

The highest CVSS Base Score of vulnerabilities affecting Oracle Supply Chain Products Suite is 5.0.

The Oracle Supply Chain Products Suite components affected by vulnerabilities that are fixed in this Critical Patch Update are:

  • Oracle Agile PLM Framework
  • Oracle Agile Product Lifecycle
  • Oracle Transportation Management

Oracle PeopleSoft Products Executive Summary

This Critical Patch Update contains 8 new security fixes for Oracle PeopleSoft Products. 5 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

The highest CVSS Base Score of vulnerabilities affecting Oracle PeopleSoft Products is 5.0.

The Oracle PeopleSoft Products components affected by vulnerabilities that are fixed in this Critical Patch Update are:

  • PeopleSoft Enterprise CS Campus Self Service
  • PeopleSoft Enterprise HRMS Talent Acquisition Manager
  • PeopleSoft Enterprise PT PeopleTools

Oracle Siebel CRM Executive Summary

This Critical Patch Update contains 1 new security fix for Oracle Siebel CRM. This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

The highest CVSS Base Score of vulnerabilities affecting Oracle Siebel CRM is 4.3.

The Oracle Siebel CRM components affected by vulnerabilities that are fixed in this Critical Patch Update are:

  • Siebel UI Framework

Oracle Java SE Executive Summary

This Critical Patch Update contains 37 new security fixes for Oracle Java SE. 35 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

The highest CVSS Base Score of vulnerabilities affecting Oracle Java SE is 10.0.

The Oracle Java SE components affected by vulnerabilities that are fixed in this Critical Patch Update are:

  • Java SE
  • Java SE Embedded
  • JavaFX
  • JRockit

Oracle and Sun Systems Products Suite Executive Summary

This Critical Patch Update contains 3 new security fixes for the Oracle and Sun Systems Products Suite. None of these vulnerabilities may be remotely exploitable without authentication, i.e., none may be exploited over a network without the need for a username and password.

The highest CVSS Base Score of vulnerabilities affecting Oracle and Sun Systems Products Suite is 4.9.

The Oracle and Sun Systems Products Suite components affected by vulnerabilities that are fixed in this Critical Patch Update are:

  • Solaris

Oracle Virtualization Executive Summary

This Critical Patch Update contains 5 new security fixes for Oracle Virtualization. 3 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

The highest CVSS Base Score of vulnerabilities affecting Oracle Virtualization is 9.3.

The Oracle Virtualization components affected by vulnerabilities that are fixed in this Critical Patch Update are:

  • Oracle Secure Global Desktop (SGD)
  • Oracle VM VirtualBox

Oracle MySQL Executive Summary

This Critical Patch Update contains 14 new security fixes for Oracle MySQL. 2 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

The highest CVSS Base Score of vulnerabilities affecting Oracle MySQL is 6.5.

The Oracle MySQL components affected by vulnerabilities that are fixed in this Critical Patch Update are:

  • MySQL Client
  • MySQL Server