Oracle's October Critical Patch Update fixes 253 Vulnerabilities

Lawrence Abrams

October 19, 2016
02:58 PM
0

Today, Oracle released their October Critical Patch Update, or CPU, that resolves 253 vulnerabilities across all of their products. All of these vulnerabilities are rated as critical as they allow remote code execution in some form. As remote code execution allows attackers to remotely execute commands on an affected computer, it is important that all users install these updates immediately.

At 31 vulnerabilities each, Oracle Communications Applications and Oracle MySQL were tied with the most security patches. Java, which is notoriously being used by exploit kits to install malware on vulnerable systems had 7 new security fixes. This is a considerable drop compared to the 25 Java vulnerabilities patched in the previous year's October 2015 Critical Patch Update.

It is strongly suggested that all users of the affected Oracle products below, immediately upgrade to the latest version.

Affected Products and Versions	Patch Availability
Application Express, version(s) prior to 5.0.4.0.7	Database
Oracle Database Server, version(s) 11.2.0.4, 12.1.0.2	Database
Oracle Secure Backup, version(s) prior to 10.4.0.4.0, prior to 12.1.0.2.0	Oracle Secure Backup
Big Data Graph, version(s) prior to 1.2	Oracle Big Data Graph
NetBeans, version(s) 8.1	Fusion Middleware
Oracle BI Publisher, version(s) 11.1.1.7.0, 11.1.1.9.0, 12.2.1.0.0	Fusion Middleware
Oracle Big Data Discovery, version(s) 1.1.1, 1.1.3, 1.2.0	Fusion Middleware
Oracle Business Intelligence Enterprise Edition, version(s) 11.1.1.7.0, 11.1.1.9.0, 12.1.1.0.0, 12.2.1.1.0	Fusion Middleware
Oracle Data Integrator, version(s) 11.1.1.7.0, 11.1.1.9.0, 12.1.2.0.0, 12.1.3.0.0, 12.2.1.0.0, 12.2.1.1.0	Fusion Middleware
Oracle Discoverer, version(s) 11.1.1.7.0	Fusion Middleware
Oracle Fusion Middleware, version(s) 11.1.1.7, 11.1.1.9, 11.1.2.3, 11.1.2.4, 12.1.3.0, 12.2.1.0, 12.2.1.1	Fusion Middleware
Oracle GlassFish Server, version(s) 2.1.1, 3.0.1, 3.1.2	Fusion Middleware
Oracle Identity Manager, version(s) -	Fusion Middleware
Oracle iPlanet Web Proxy Server, version(s) 4.0	Fusion Middleware
Oracle iPlanet Web Server, version(s) 7.0	Fusion Middleware
Oracle Outside In Technology, version(s) 8.4.0, 8.5.1, 8.5.2, 8.5.3	Fusion Middleware
Oracle Platform Security for Java, version(s) 12.1.3.0.0, 12.2.1.0.0, 12.2.1.1.0	Fusion Middleware
Oracle Web Services, version(s) 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.0.0	Fusion Middleware
Oracle WebCenter Sites, version(s) 12.2.1.0.0, 12.2.1.1.0, 12.2.1.2.0	Fusion Middleware
Oracle WebLogic Server, version(s) 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1	Fusion Middleware
Enterprise Manager, version(s) 12.1.4, 12.2.2, 12.3.2	Enterprise Manager
Enterprise Manager Base Platform, version(s) 12.1.0.5	Enterprise Manager
Oracle Application Testing Suite, version(s) 12.5.0.1, 12.5.0.2, 12.5.0.3	Enterprise Manager
Oracle E-Business Suite, version(s) 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6	E-Business Suite
Oracle Advanced Supply Chain Planning, version(s) 12.2.3, 12.2.4, 12.2.5	Oracle Supply Chain Products
Oracle Agile Engineering Data Management, version(s) 6.1.3.0, 6.2.0.0	Oracle Supply Chain Products
Oracle Agile PLM, version(s) 9.3.4, 9.3.5	Oracle Supply Chain Products
Oracle Agile Product Lifecycle Management for Process, version(s) 6.1.0.4, 6.1.1.6, 6.2.0.0	Oracle Supply Chain Products
Oracle Transportation Management, version(s) 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7	Oracle Supply Chain Products
PeopleSoft Enterprise HCM, version(s) 9.2	PeopleSoft
PeopleSoft Enterprise PeopleTools, version(s) 8.54, 8.55	PeopleSoft
PeopleSoft Enterprise SCM Services Procurement, version(s) 9.1, 9.2	PeopleSoft
JD Edwards EnterpriseOne Tools, version(s) 9.1	JD Edwards
JD Edwards World Security, version(s) A9.4	JD Edwards
Siebel Applications, version(s) 7.1, 16.1	Siebel
Oracle Commerce Guided Search, version(s) 6.2.2, 6.3.0, 6.4.1.2, 6.5.0, 6.5.1, 6.5.2	Oracle Commerce
Oracle Commerce Guided Search / Oracle Commerce Experience Manager, version(s) 3.1.1, 3.1.2, 6.2.2, 6.3.0, 6.4.1.2, 6.5.0, 6.5.1, 6.5.2, 11.0, 11.1, 11.2	Oracle Commerce
Oracle Commerce Platform, version(s) 10.0.3.5, 10.2.0.5, 11.2.0.1	Oracle Commerce
Oracle Commerce Service Center, version(s) 10.0.3.5, 10.2.0.5	Oracle Commerce
Oracle Fusion Applications, version(s) 11.1.2 through 11.1.9	Fusion Applications
Oracle Communications Policy Management, version(s) 9.7.3, 9.9.1, 10.4.1, 12.1.1 and prior	Oracle Communications Policy Management
Oracle Enterprise Communications Broker, version(s) Pcz2.0.0m4p5 and earlier	Oracle Enterprise Communications Broker
Oracle Enterprise Session Border Controller, version(s) Ecz7.3m2p2 and earlier	Oracle Enterprise Session Border Controller
Oracle Banking Digital Experience, version(s) 15.1	Oracle Financial Services Applications
Oracle Financial Services Analytical Applications Infrastructure, version(s) 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 8.0.0, 8.0.1, 8.0.2, 8.0.3	Oracle Financial Services Applications
Oracle Financial Services Lending and Leasing, version(s) 14.1.0, 14.2.0	Oracle Financial Services Applications
Oracle FLEXCUBE Core Banking, version(s) 11.5.0.0.0, 11.6.0.0.0	Oracle Financial Services Applications
Oracle FLEXCUBE Enterprise Limits and Collateral Management, version(s) 12.0.0, 12.1.0	Oracle Financial Services Applications
Oracle FLEXCUBE Investor Servicing, version(s) 12.0.1	Oracle Financial Services Applications
Oracle FLEXCUBE Private Banking, version(s) 2.0.0, 2.0.1, 2.2.0, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0	Oracle Financial Services Applications
Oracle FLEXCUBE Universal Banking, version(s) 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.87.1, 12.87.2	Oracle Financial Services Applications
Oracle Life Sciences Data Hub, version(s) 2.x	Health Sciences
Oracle Hospitality OPERA 5 Property Services, version(s) 5.4.0.0, 5.4.1.0, 5.4.2.0, 5.4.3.0, 5.5.0.0, 5.5.1.0	Oracle Hospitality OPERA 5 Property Services
Oracle Insurance IStream, version(s) 4.3.2	Oracle Insurance Applications
MICROS XBR, version(s) 7.0.2, 7.0.4	MICROS XBR
Oracle Retail Back Office, version(s) 13.0, 13.1, 13.2, 13.3, 13.4, 14.0, 14.1	Oracle Retail Back Office
Oracle Retail Central Office, version(s) 13.0, 13.1, 13.2, 13.3, 13.4, 14.0, 14.1	Oracle Retail Central Office
Oracle Retail Clearance Optimization Engine, version(s) 13.2, 13.3, 13.4, 14.0	Oracle Retail Clearance Optimization Engine
Oracle Retail Customer Insights, version(s) 15.0	Oracle Retail Customer Insights
Oracle Retail Merchandising Insights, version(s) 15.0	Oracle Retail Merchandising Insights
Oracle Retail Returns Management, version(s) 13.0, 13.1, 13.2, 13.3, 13.4, 14.0, 14.1	Oracle Retail Returns Management
Oracle Retail Xstore Payment, version(s) 1.x	Oracle Retail Xstore Payment
Oracle Retail Xstore Point of Service, version(s) 5.0, 5.5, 6.0, 6.5, 7.0, 7.1	Oracle Retail Xstore Point of Service
Primavera P6 Enterprise Project Portfolio Management, version(s) 8.4, 15.x, 16.x	Oracle Primavera Products Suite
Primavera P6 Professional Project Management, version(s) 8.3, 8.4, 15.x, 16.x	Oracle Primavera Products Suite
Oracle Java SE, version(s) 6u121, 7u111, 8u102	Oracle Java SE
Oracle Java SE Embedded, version(s) 8u101	Oracle Java SE
Solaris, version(s) 10, 11.3	Oracle and Sun Systems Products Suite
Solaris Cluster, version(s) 3.3, 4.3	Oracle and Sun Systems Products Suite
Sun ZFS Storage Appliance Kit (AK), version(s) AK 2013	Oracle and Sun Systems Products Suite
Oracle VM VirtualBox, version(s) prior to 5.0.28, prior to 5.1.8	Oracle Linux and Virtualization
Secure Global Desktop, version(s) 4.7, 5.2	Oracle Linux and Virtualization
Sun Ray Operating Software, version(s) prior to 11.1.7	Oracle Linux and Virtualization
Virtual Desktop Infrastructure, version(s) prior to 3.5.3	Oracle Linux and Virtualization
MySQL Connector, version(s) 2.0.4 and prior, 2.1.3 and prior	Oracle MySQL Product Suite
MySQL Server, version(s) 5.5.52 and prior, 5.6.33 and prior, 5.7.15 and prior	Oracle MySQL Product Suite