Qualys Blog

www.qualys.com
wkandek

Oracle Critical Patch Update July 2014

Oracle just released their announcement of the July Critical Patch Update (CPU). Oracle bundles the security updates for the majority of the products it controls into a quarterly update – something of a Super Tuesday of computer security. This time we are getting 115 fixes for vulnerabilities over 30 different product groups with even more individual software versions affected.

A good inventory of where you have Oracle software installed is crucial. And even if you do not think you are affected because you are not running Oracle RDBMS or any of its business packages, there might be areas in your organization that run Java (all versions starting from 5, 6, 7 and the newest 8 are affected BTW) and the open-source MySQL, for example.

Stay tuned to next Tuesday when we will have more details.

Here is a list of affected software packages;

  • Oracle Database 11g Release 1, version 11.1.0.7
  • Oracle Database 11g Release 2, versions 11.2.0.3, 11.2.0.4
  • Oracle Database 12c Release 1, version 12.1.0.1
  • Oracle Fusion Middleware 11g Release 1, version 11.1.1.7
  • Oracle Fusion Middleware 12c Release 1, version 12.1.2.0
  • Oracle Glassfish Server, versions 2.1.1, 3.0.1, 3.1.2
  • Oracle Traffic Director, version 11.1.1.7.0
  • Oracle iPlanet Web Proxy Server, version 4.0.24
  • Oracle iPlanet Web Server, version 6.1, 7.0
  • Oracle WebCenter Portal, versions 11.1.1.7.0, 11.1.1.8.0
  • Oracle WebLogic Server, versions 10.0.2.0, 10.3.6.0, 12.1.1.0, 12.1.2.0
  • Oracle JDeveloper, versions 11.1.1.7.0, 11.1.2.4.0, 12.1.2.0.0
  • Oracle BI Publisher, version 11.1.1.7
  • Oracle Glassfish Communications Server, versions 2.0
  • Oracle HTTP Server, versions 11.1.1.7.0, 12.1.2.0
  • Oracle Hyperion Essbase, versions 11.1.2.2, 11.1.2.3
  • Oracle Hyperion BI+, versions 11.1.2.2, 11.1.2.3
  • Oracle Hyperion Enterprise Performance Management Architect, versions 11.1.2.2, 11.1.2.3
  • Oracle Common Admin, versions 11.1.2.2, 11.1.2.3
  • Oracle Hyperion Analytic Provider Services, versions 11.1.2.2, 11.1.2.3
  • Oracle E-Business Suite Release 11i, version 11.5.10.2
  • Oracle E-Business Suite Release 12i, versions 12.0.6, 12.1.3, 12.2.2, 12.2.3
  • Oracle Transportation Management, versions 6.1, 6.2, 6.3, 6.3.1, 6.3.2, 6.3.3, 6.3.4
  • Oracle Agile Product Collaboration, version 9.3.3
  • Oracle PeopleSoft Enterprise ELS Enterprise Learning Management, version 9.1
  • Oracle PeopleSoft Enterprise PT Tools, versions 8.52, 8.53
  • Oracle PeopleSoft Enterprise FIN Install, versions 8.52, 8.53
  • Oracle PeopleSoft Enterprise SCM Purchasing, versions 9.1, 9.2
  • Oracle Siebel Travel & Transportation, versions 8.1.1, 8.2.2
  • Oracle Siebel UI Framework, versions 8.1.1, 8.2.2
  • Oracle Siebel Core – Server OM Frwks, versions 8.1.1, 8.2.2
  • Oracle Siebel Core – EAI, versions 8.1.1, 8.2.2
  • Oracle Communications Messaging Server, versions 7.0.5.29.0, 7.0.5.30.0
  • Oracle Retail Back Office, versions 8.0, 12.0, 12.0.9IN, 13.0, 13.1, 13.2, 13.3, 13.4, 14.0
  • Oracle Retail Central Office, versions 8.0, 12.0, 12.0.9IN, 13.0, 13.1, 13.2, 13.3, 13.4, 14.0
  • Oracle Retail Returns Management, versions 2.0, 13.1, 13.2, 13.3, 13.4, 14.0
  • Primavera P6 Enterprise Project Portfolio Management, version 8.3.2
  • Oracle Java SE, versions 5.0u65, 6u75, 7u60, 8u5
  • Oracle JRockit, versions R27.8.2, R28.3.2
  • Oracle Solaris, versions 8, 9, 10, 11.1
  • Oracle Secure Global Desktop, versions prior to 4.63, 4.71, 5.0, 5.1
  • Oracle VM VirtualBox, versions prior to 3.2.24, 4.0.26, 4.1.34, 4.2.26, 4.3.14
  • Oracle Virtual Desktop Infrastructure (VDI), versions prior to 3.5.1
  • Sun Ray Software, versions prior to 5.4.3
  • Oracle MySQL Server, versions 5.5, 5.6

Leave a Reply