Oracle critical security patch – April 2017

  • Post author:
  • Reading time:36 mins read

Oracle has released 300 security updates as part of the quarterly patch release cycle. The Oracle Critical Patch Update – April 2017 provides fixes for: Database Server, Oracle Secure Backup, Oracle Berkeley DB, Oracle API Gateway, Oracle Fusion Middleware Products,  Enterprise Manager Base Platform, Oracle E-Business Suite, Oracle Transportation Manager, PeopleSoft Applications, JD Edwards EnterpriseOne Tools, Siebel Applications, Oracle Commerce Guided Search / Oracle Commerce Experience Manager, Oracle Fusion Applications, Oracle Communications Applications, Oracle Financial Applications,   Oracle Insurance Data Foundation, Oracle Healthcare Master Person Index, Oracle Hospitality OPERA 5 Property Services, Oracle Insurance Istream, Oracle Retail Applications, Oracle Utilities Applications,  Oracle Primavera Products Suite, Oracle Java SE, Oracle and Sun Systems Products Suite, Oracle VM VirtualBox, Secure Global Desktop, Oracle MySQL Product Suite, Oracle Support Tools. These blogs talk about Oracle Critical Patch Update April 2017.

The CPUApr2017 Advisory addresses:

– Two (2) security vulnerabilities for the Oracle Database Server, Neither of these vulnerabilities may be remotely exploitable without authentication, i.e., none    may be exploited over a network without requiring user credentials. These vulnerabilities requires a vulnerability management tool.

(CVE-2017-3486, CVE-2017-3567)
– One (1) security vulnerability for Oracle Secure Backup, this can be exploited remotely without authentication. Each of these vulnerabilities requires a patch management solution to mitigate them.

(CVE-2016-6290)
– Fourteen (14) security vulnerabilities for the Oracle Berkeley DB, None of these vulnerabilities may be remotely exploitable without authentication, i.e., none   may be exploited over a network without requiring user credentials.

(CVE-2017-3604, CVE-2017-3605, CVE-2017-3606,  CVE-2017-3607, CVE-2017-3608, CVE-2017-3609, CVE-2017-3610, CVE-2017-3611, CVE-2017-3612, CVE-2017-3613, CVE-2017-3614, CVE-2017-3615, CVE-2017-3616, CVE-2017-3617)
– Thirty one (31) security vulnerabilities for the Oracle Fusion Middleware, 20 of these vulnerabilities may be remotely exploitable without authentication, i.e.,    may be exploited over a network without requiring user credentials.

(CVE-2017-5638, CVE-2017-3553, CVE-2016-6303, CVE-2015-7501, CVE-2017-5638, CVE-2016-0714, CVE-2015-7501, CVE-2017-3230, CVE-2017-3540, CVE-2017-3542, CVE-2017-3543, CVE-2017-3625, CVE-2017-3545, CVE-2017-3541, CVE-2017-3601, CVE-2017-3602, CVE-2017-3554, CVE-2016-1181, CVE-2017-3596, CVE-2017-3499, CVE-2017-3506, CVE-2017-3507, CVE-2017-3531, CVE-2017-3593, CVE-2017-3595, CVE-2017-3591, CVE-2017-3594, CVE-2017-3597, CVE-2017-3626, CVE-2017-3598, CVE-2017-3603)
– One (1) security vulnerability for Oracle Hyperion, This can be exploited remotely without any authentication.

(CVE-2015-3237)
– Two (2) security vulnerabilities for Oracle Enterprise Manager Grid Control, These vulnerabilities may be remotely exploitable without authentication.

(CVE-2016-3092,  CVE-2017-3518)
– Eleven (11) security vulnerabilities for Oracle E-Business Suite. Ten of these may be remotely exploitable without authentication.

(CVE-2017-3549, CVE-2017-3555, CVE-2017-3393, CVE-2017-3550, CVE-2017-3337, CVE-2017-3432, CVE-2017-3557, CVE-2017-3592, CVE-2017-3528, CVE-2017-3515,CVE-2017-3556)
– One (1) security vulnerability for Oracle Supply Chain Products Suite. This can not be exploited remotely without authentication.

(CVE-2017-3530)
– Sixteen (16) security vulnerabilities for the Oracle PeopleSoft Products. Eight of these may be remotely exploitable without authentication.

(CVE-2017-3519,  CVE-2017-3547, CVE-2017-3577, CVE-2017-3570, CVE-2017-3520, CVE-2017-3548, CVE-2017-3546, CVE-2014-3596, CVE-2017-    3521, CVE-2017-3525, CVE-2017-3524, CVE-2017-3571, CVE-2017-3522, CVE-2017-3502, CVE-2017-3527, CVE-2017-3536)
– One (1) security vulnerability for Oracle JD Edwards Products.

(CVE-2017-3517)
– One (1) security vulnerability for Oracle Siebel CRM.

(CVE-2017-5638)
– Three (1) security vulnerabilities for Oracle Commerce.

(CVE-2017-3572, CVE-2016-6304, CVE-2016-2107)
– Eleven (11) security vulnerabilities for Oracle Communications Applications

(CVE-2017-5638, CVE-2016-0729, CVE-2016-0635, CVE-2016-3092, CVE- 2013-5209, CVE-2016-6304, CVE-2012-0920, CVE-2017-3732, CVE-2013-2566, CVE-2017-3470, CVE-2015-0204)
– Forty seven (47) security vulnerabilities for Oracle Financial Services Applications.
– One (1) security vulnerability for Oracle Health Sciences Applications.

(CVE-2016-3092)
– Six (6) security vulnerabilities for the Oracle Hospitality Applications.

(CVE-2017-3574, CVE-2017-3568, CVE-2017-3573, CVE-2017-3569, CVE-2017-3552, CVE-2017-3560)
– One (1) security vulnerability for Oracle Insurance Applications.

(CVE-2015-7940)
– Thirty nine (39) security vulnerabilities for the Oracle Retail Applications.
– Seven (7) security vulnerabilities for the Oracle Utilities Applications.

(CVE-2016-5019, CVE-2014-0114, CVE-2016-3092, CVE-2016-3674, CVE-2016-3092, CVE-2017-3537, CVE-2012-5881)
– Seven (7) security vulnerabilities for the Oracle Primavera Products.

(CVE-2017-3503, CVE-2017-3508, CVE-2017-3500, CVE-2017-3583, CVE-2017-3579, CVE-2017-3501, CVE-2017-3732)
– Eight (8) security vulnerabilities for the Oracle Java SE.

(CVE-2017-3512, CVE-2017-3514, CVE-2017-3511, CVE-2017-3526, CVE-2017-3509, CVE-2017-3533, CVE-2017-3544, CVE-2017-3539)
– Twenty one (21) security vulnerabilities for the Oracle Sun Systems Products Suite. Eight of these may be remotely exploitable without authentication.
– Fifteen (15) security vulnerabilities for the Oracle Virtualization. Six of these vulnerabilities may be remotely exploitable without authentication.
– Forty (40) security vulnerabilities for Oracle MySQL. Eleven of these vulnerabilities may be remotely exploitable without authentication.
– Thirteen (13) security vulnerabilities for the Oracle Support Tools. Four of these may be remotely exploitable without authentication.

Detailed list of Affected Products and Components:

Affected Products and Versions Patch Availability
Oracle Database Server, version(s) 11.2.0.4, 12.1.0.2 Database
Oracle Secure Backup, version(s) prior to 12.1.0.3.0 Oracle Secure Backup
Oracle Berkeley DB, version(s) prior to 6.2.32 Berkeley DB
Oracle API Gateway, version(s) 11.1.2.4.0 Fusion Middleware
Oracle Fusion Middleware, version(s) 11.1.1.7, 11.1.1.9, 11.1.2.2, 11.1.2.3, 12.1.3.0, 12.2.1.0, 12.2.1.1 Fusion Middleware
Oracle Fusion Middleware MapViewer, version(s) 11.1.1.9, 12.2.1.1, 12.2.1.2 Fusion Middleware
Oracle GlassFish Server, version(s) 3.1.2 Fusion Middleware
Oracle Identity Manager, version(s) 11.1.2.3.0 Fusion Middleware
Oracle Service Bus, version(s) 12.1.3.0.0, 12.2.1.0.0, 12.2.1.1.0, 12.2.1.2.0 Fusion Middleware
Oracle Social Network, version(s) prior to 11.1.12.0.0 (17019101) Fusion Middleware
Oracle WebCenter Content, version(s) 11.1.1.7, 11.1.1.9, 12.2.1.0, 12.2.1.1, 12.2.1.2 Fusion Middleware
Oracle WebCenter Sites, version(s) 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0, 12.2.1.2.0 Fusion Middleware
Oracle WebLogic Server, version(s) 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1, 12.2.1.2 Fusion Middleware
Oracle Hyperion Essbase, version(s) 11.1.2.2 Fusion Middleware
Enterprise Manager Base Platform, version(s) 12.1.0, 13.1.0, 13.2.0 Enterprise Manager
Oracle E-Business Suite, version(s) 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 E-Business Suite
Oracle Transportation Manager, version(s) 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.4.0, 6.4.1, 6.4.2 Oracle Supply Chain Products
PeopleSoft Enterprise CS Campus Community, version(s) 9.2 PeopleSoft
PeopleSoft Enterprise FIN Receivables, version(s) 9.2 PeopleSoft
PeopleSoft Enterprise FSCM, version(s) 9.1 PeopleSoft
PeopleSoft Enterprise PeopleTools, version(s) 8.54, 8.55 PeopleSoft
PeopleSoft Enterprise SCM eBill Payment, version(s) 9.2 PeopleSoft
PeopleSoft Enterprise SCM eSupplier Connection, version(s) 9.2 PeopleSoft
PeopleSoft Enterprise SCM Purchasing, version(s) 9.2 PeopleSoft
PeopleSoft Enterprise SCM Service Procurement, version(s) 9.2 PeopleSoft
PeopleSoft Enterprise SCM Strategic Sourcing, version(s) 9.2 PeopleSoft
JD Edwards EnterpriseOne Tools, version(s) 9.2 JD Edwards
Siebel Applications, version(s) 6.1, 6.2, 7.0, 7.1 Siebel
Oracle Commerce Guided Search / Oracle Commerce Experience Manager, version(s) 6.1.4, 6.2.2, 6.3.0, 6.4.1.2, 6.5.0, 6.5.1, 6.5.2, 11.0, 11.1, 11.2 Oracle Commerce
Oracle Fusion Applications, version(s) 11.1.2 through 11.1.9 Fusion Applications
Oracle Communications ASAP, version(s) 7.0, 7.2, 7.3 Oracle Communications ASAP
Oracle Communications Network Integrity, version(s) 7.2.4, 7.3.0 Oracle Communications Network Integrity
Oracle Communications Policy Management, version(s) 12.2 Oracle Communications Policy Management
Oracle Communications Security Gateway, version(s) 3.0.0 Oracle Communications Security Gateway
Oracle Communications Service Broker Engineered System Edition, version(s) 6.0, 6.1 Oracle Communications Service Broker Engineered System Edition
Oracle Communications Session Border Controller, version(s) SCZ7.3.0, SCZ7.4.0 Oracle Communications Session Border Controller
Oracle Financial Services Analytical Applications Infrastructure, version(s) 7.3.3, 7.3.4, 7.3.5 Oracle Financial Services Analytical Applications Infrastructure
Oracle Financial Services Asset Liability Management, version(s) 6.0.0, 6.1.0, 6.1.1, 8.0.1, 8.0.2, 8.0.3, 8.0.4 Oracle Financial Services Asset Liability Management
Oracle Financial Services Basel Regulatory Capital Basic, version(s) 6.1.2, 6.1.3, 8.0.2, 8.0.3 Oracle Financial Services Basel Regulatory Capital Basic
Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach, version(s) 6.1.2, 6.1.3, 8.0.2, 8.0.3 Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach
Oracle Financial Services Data Foundation, version(s) 8.0.1, 8.0.2, 8.0.3, 8.0.4 Oracle Financial Services Data Foundation
Oracle Financial Services Data Integration Hub, version(s) 8.0.1, 8.0.2, 8.0.3, 8.0.4 Oracle Financial Services Data Integration Hub
Oracle Financial Services Enterprise Financial Performance Analytics, version(s) 8.0.0 to 8.0.4 Oracle Financial Services Enterprise Financial Performance Analytics
Oracle Financial Services Funds Transfer Pricing, version(s) 6.0.0, 6.1.0, 6.1.1, 8.0.1, 8.0.2, 8.0.3, 8.0.4 Oracle Financial Services Funds Transfer Pricing
Oracle Financial Services Hedge Management and IFRS Valuations, version(s) 6.1.1, 8.0.1, 8.0.2, 8.0.3, 8.0.4 Oracle Financial Services Hedge Management and IFRS Valuations
Oracle Financial Services Institutional Performance Analytics, version(s) 8.0.0 to 8.0.4 Oracle Financial Services Institutional Performance Analytics
Oracle Financial Services Liquidity Risk Management, version(s) 8.0.1, 8.0.2, 8.0.4 Oracle Financial Services Liquidity Risk Management
Oracle Financial Services Loan Loss Forecasting and Provisioning, version(s) 1.5.0, 1.5.1, 8.0.1, 8.0.2, 8.0.3, 8.0.4 Oracle Financial Services Loan Loss Forecasting and Provisioning
Oracle Financial Services Pricing Management/Transfer Pricing Component, version(s) 8.0.0 to 8.0.4 Oracle Financial Services Pricing Management, Transfer Pricing Component
Oracle Financial Services Profitability Management, version(s) 6.0.0, 6.1.0, 6.1.1, 8.0.1, 8.0.2, 8.0.3, 8.0.4 Oracle Financial Services Profitability Management
Oracle Financial Services Reconciliation Framework, version(s) 8.0.0, 8.0.1, 8.0.2 Oracle Financial Services Analytical Applications Reconciliation Framework
Oracle Financial Services Retail Customer Analytics, version(s) 8.0.0 to 8.0.3 Oracle Financial Services Retail Customer Analytics
Oracle Financial Services Retail Performance Analytics, version(s) 8.0.0 to 8.0.4 Oracle Financial Services Retail Performance Analytics
Oracle FLEXCUBE Direct Banking, version(s) 12.0.2, 12.0.3 Oracle Financial Services Applications
Oracle FLEXCUBE Enterprise Limits and Collateral Management, version(s) 12.0.0, 12.0.1, 12.1.0 Oracle Financial Services Applications
Oracle FLEXCUBE Investor Servicing, version(s) 12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.1.0, 12.2.0, 12.3.0 Oracle Financial Services Applications
Oracle FLEXCUBE Private Banking, version(s) 2.0.0, 2.0.1, 2.2.0.1, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 Oracle Financial Services Applications
Oracle FLEXCUBE Universal Banking, version(s) 11.3.0, 11.4.0, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0 Oracle Financial Services Applications
Oracle Insurance Data Foundation, version(s) 8.0.1, 8.0.2, 8.0.3, 8.0.4 Oracle Insurance Data Foundation
Oracle Healthcare Master Person Index, version(s) 3.0.0.x and 4.0.1.x, prior to and 2.0.1.x Health Sciences
Oracle Hospitality OPERA 5 Property Services, version(s) 5.4.0.x, 5.4.1.x, 5.4.2.x, 5.4.3.x, 5.5.0.x, 5.5.1.x Oracle Hospitality OPERA 5 Property Services
Oracle Insurance Istream, version(s) 4.3.2 and prior Oracle Insurance Applications
MICROS Lucas, version(s) 2.9.5.1, 2.9.5.2, 2.9.5.3, 2.9.5.4, 2.9.5.5 Retail Applications
MICROS Relate CRM Software, version(s) 10.0, 10.5, 10.8, 11.0, 11.1, 11.4, 15.0 Retail Applications
MICROS XBR, version(s) 10.0.1, 10.5.0, 10.6.0, 10.7.7, 10.8.0, 10.8.1 Retail Applications
MICROS Xstore Payment, version(s) 5.5, 6.0, 6.5, 7.0, 7.1, 15.0, 16.0 Retail Applications
Oracle Retail Advanced Inventory Planning, version(s) 14.1, 15.0 Retail Applications
Oracle Retail Advanced Science Engine, version(s) 14.1 Retail Applications
Oracle Retail Analytic Parameter Calculator – RO, version(s) 15.0 Retail Applications
Oracle Retail Analytics, version(s) 14.0, 14.1, 15.0, 16.0 Retail Applications
Oracle Retail Assortment Planning, version(s) 14.1.3, 15.0.1, 16.0.0 Retail Applications
Oracle Retail Back Office, version(s) 14.1 Retail Applications
Oracle Retail Category Management, version(s) 13.2, 13.3, 14.0, 14.1 Retail Applications
Oracle Retail Category Management Planning & Optimization, version(s) 15.0 Retail Applications
Oracle Retail Customer Insights, version(s) 15.0 Retail Applications
Oracle Retail Customer Management and Segmentation Foundation, version(s) 15.0 Retail Applications
Oracle Retail Demand Forecasting, version(s) 14.1.3, 15.0.2 Retail Applications
Oracle Retail Invoice Matching, version(s) 12.0, 13.0, 13.1, 13.2, 14.0, 14.1 Retail Applications
Oracle Retail Item Planning, version(s) 14.1.3, 15.0.2 Retail Applications
Oracle Retail Macro Space Optimization, version(s) 15.0.2 Retail Applications
Oracle Retail Merchandise Financial Planning, version(s) 14.1.3, 15.0.2 Retail Applications
Oracle Retail Merchandising Insights, version(s) 15.0 Retail Applications
Oracle Retail Open Commerce Platform, version(s) 4.0, 5.0, 5.1, 5.3, 6.0, 6.1, 15.0, 16.0 Retail Applications
Oracle Retail Order Broker, version(s) 5.1, 5.2, 15.0, 16.0 Retail Applications
Oracle Retail Point-of-Service, version(s) 14.1.3 Retail Applications
Oracle Retail Predictive Application Server, version(s) 13.1, 13.2, 13.3, 13.3.3, 13.4, 13.4.3, 14.0, 14.0.3, 14.1, 14.1.3, 15.0, 15.0.2, 16.0.0 Retail Applications
Oracle Retail Regular Price Optimization, version(s) 14.1.3, 15.0.2 Retail Applications
Oracle Retail Replenishment Optimization, version(s) 14.1.3, 15.0.2 Retail Applications
Oracle Retail Returns Management, version(s) 14.1 Retail Applications
Oracle Retail Size Profile Optimization, version(s) 14.1.3, 15.0.2 Retail Applications
Oracle Retail Store Inventory, version(s) 14.1, 15.0, 16.0 Retail Applications
Oracle Retail Warehouse Management System, version(s) 13.2, 14.0, 15.0 Retail Applications
Oracle Retail XBRi Loss Prevention, version(s) 10.0.1, 10.5.0, 10.6.0, 10.7.0, 10.8.0, 10.8.1 Retail Applications
Oracle Retail Xstore Point of Service, version(s) 5.5, 6.0, 6.5, 7.0, 7.1, 15.0, 16.0 Retail Applications
Oracle Real-Time Scheduler, version(s) 2.2.0.3.13, 2.3.0.0, 2.3.0.1 Oracle Utilities Applications
Oracle Utilities Customer Self Service, version(s) 2.1.0.2.0 Oracle Utilities Applications
Oracle Utilities Framework, version(s) 2.2.0.0.0, 4.1.0.1.0, 4.1.0.2.0, 4.2.0.1.0, 4.2.0.2.0, 4.2.0.3.0, 4.3.0.1.0, 4.3.0.2.0, 4.3.0.3.0 Oracle Utilities Applications
Oracle Utilities Work and Asset Management, version(s) 1.9.1.2.11 Oracle Utilities Applications
Primavera Gateway, version(s) 1.0, 1.1, 14.2, 15.1, 15.2, 16.1, 16.2 Oracle Primavera Products Suite
Primavera P6 Enterprise Project Portfolio Management, version(s) 8.3, 8.4, 15.1, 15.2, 16.1, 16.2 Oracle Primavera Products Suite
Primavera Unifier, version(s) 9.13, 9.14, 10.0, 10.1, 15.1, 15.2 Oracle Primavera Products Suite
Oracle Java SE, version(s) 6u141, 7u131, 8u121 Oracle Java SE
Oracle Java SE Embedded, version(s) 8u121 Oracle Java SE
Oracle JRockit, version(s) R28.3.13 Oracle Java SE
Oracle SuperCluster Specific Software, version(s) 2.3.8, 2.3.13 Oracle and Sun Systems Products Suite
Solaris, version(s) 10, 11.3, None Oracle and Sun Systems Products Suite
Solaris Cluster, version(s) 4.3 Oracle and Sun Systems Products Suite
StorageTek Tape Analytics SW Tool, version(s) prior to 2.2.1 Oracle and Sun Systems Products Suite
Sun ZFS Storage Appliance Kit (AK), version(s) AK 2013 Oracle and Sun Systems Products Suite
Oracle VM VirtualBox, version(s) prior to 5.0.38, prior to 5.1.20 Oracle Linux and Virtualization
Secure Global Desktop, version(s) 4.71, 5.2, 5.3 Oracle Linux and Virtualization
MySQL Cluster, version(s) 7.2.27 and prior, 7.3.16 and prior, 7.4.14 and prior, 7.5.5 and prior Oracle MySQL Product Suite
MySQL Connectors, version(s) 2.1.5 and prior, 5.1.41 and prior Oracle MySQL Product Suite
MySQL Enterprise Backup, version(s) 3.12.3 and prior, 4.0.3 and prior Oracle MySQL Product Suite
MySQL Enterprise Monitor, version(s) 3.1.6.8003 and prior, 3.2.1182 and prior, 3.3.2.1162 and prior Oracle MySQL Product Suite
MySQL Server, version(s) 5.5.54 and prior, 5.6.35 and prior, 5.7.17 and prior, 5.7.11 to 5.7.17 Oracle MySQL Product Suite
MySQL Workbench, version(s) 6.3.8 and prior Oracle MySQL Product Suite
Automatic Service Request (ASR), version(s) prior to 5.7 Oracle Support Tools
Oracle Advanced Support Gateway, version(s) prior to 7.2 Oracle Support Tools
Oracle Trace File Analyzer (TFA), version(s) prior to 12.1.2.8.4 Oracle Support Tools
OSS Support Tools, version(s) prior to RDA 8.15.17.3.14 Oracle Support Tools

However, SecPod Saner detects these vulnerabilities and automatically fixes it by applying security updates. Furthermore, download Saner now and keep your systems updated and secure.

Tags: , , , ,