Oracle October 2017 Critical Patch Update Multiple Vulnerabilities



Oracle has released advance notification regarding the October 2017 Critical Patch Update (CPU) to be released on October 17, 2017. The update addresses 250 vulnerabilities affecting the following software:

Java Advanced Management Console
JD Edwards EnterpriseOne Tools
JD Edwards World Security
MICROS Retail XBRi Loss Prevention
MySQL Connectors
MySQL Enterprise Monitor
MySQL Server
Oracle Access Manager
Oracle Agile Engineering Data Management
Oracle Agile PLM
Oracle API Gateway
Oracle BI Publisher
Oracle Business Intelligence Enterprise Edition
Oracle Business Process Management Suite
Oracle Communications Billing and Revenue Management
Oracle Communications Diameter Signaling Router (DSR)
Oracle Communications EAGLE LNP Application Processor
Oracle Communications Messaging Server
Oracle Communications Order and Service Management
Oracle Communications Policy Management
Oracle Communications Services Gatekeeper
Oracle Communications Unified Session Manager
Oracle Communications User Data Repository
Oracle Communications WebRTC Session Controller
Oracle Database Server
Oracle Directory Server Enterprise Edition
Oracle E-Business Suite
Oracle Endeca Information Discovery Integrator
Oracle Engineering Data Management
Oracle Enterprise Manager Ops Center
Oracle Financial Services Analytical Applications Infrastructure
Oracle FLEXCUBE Universal Banking
Oracle Fusion Applications
Oracle Fusion Middleware
Oracle GlassFish Server
Oracle Healthcare Master Person Index
Oracle Hospitality Cruise AffairWhere
Oracle Hospitality Cruise Fleet Management
Oracle Hospitality Cruise Materials Management
Oracle Hospitality Cruise Shipboard Property Management System
Oracle Hospitality Guest Access
Oracle Hospitality Hotel Mobile
Oracle Hospitality OPERA 5 Property Services
Oracle Hospitality Reporting and Analytics
Oracle Hospitality Simphony
Oracle Hospitality Suite8
Oracle HTTP Server
Oracle Hyperion BI+
Oracle Hyperion Financial Reporting
Oracle Identity Manager
Oracle Identity Manager Connector
Oracle Integrated Lights Out Manager (ILOM)
Oracle iPlanet Web Server
Oracle Java SE
Oracle Java SE Embedded
Oracle JDeveloper
Oracle JRockit
Oracle Managed File Transfer
Oracle Outside In Technology
Oracle Retail Back Office
Oracle Retail Clearance Optimization Engine
Oracle Retail Convenience and Fuel POS Software
Oracle Retail Markdown Optimization
Oracle Retail Point-of-Service
Oracle Retail Store Inventory Management
Oracle Retail Xstore Point of Service
Oracle Secure Global Desktop (SGD)
Oracle SOA Suite
Oracle Transportation Management
Oracle Virtual Directory
Oracle VM VirtualBox
Oracle WebCenter Content
Oracle WebCenter Sites
Oracle WebLogic Server
PeopleSoft Enterprise FSCM
PeopleSoft Enterprise HCM
PeopleSoft Enterprise PeopleTools
PeopleSoft Enterprise PRTL Interaction Hub
PeopleSoft Enterprise PT PeopleTools
PeopleSoft Enterprise SCM eProcurement
Primavera Unifier
Siebel Applications
Solaris Cluster
SPARC Enterprise M3000
SPARC M7
Sun ZFS Storage Appliance Kit (AK)
Tekelec HLR Router

Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system.

Information

Bugtraq ID: 101265
Class: Unknown
CVE:
Remote: Yes
Local: Yes
Published: Oct 13 2017 12:00AM
Updated: Oct 13 2017 12:00AM
Credit: Oracle
Vulnerable: Oracle Weblogic Server 10.3.6 0
Oracle Weblogic Server 12.2.1.2
Oracle Weblogic Server 12.2.1.1
Oracle Weblogic Server 12.1.3.0
Oracle WebCenter Content 12.2.1.2.1
Oracle WebCenter Content 12.2.1.1.1
Oracle WebCenter Content 11.1.1.9
Oracle WebCenter Content 11.1.1.7
Oracle VM VirtualBox 5.1.20
Oracle VM VirtualBox 5.1.16
Oracle VM VirtualBox 5.1.14
Oracle VM VirtualBox 5.1.10
Oracle VM VirtualBox 5.1.8
Oracle Transportation Management 6.4.2
Oracle Transportation Management 6.4.1
Oracle Transportation Management 6.4
Oracle Transportation Management 6.3.5
Oracle Transportation Management 6.3.4
Oracle Transportation Management 6.3.3
Oracle Transportation Management 6.3.2
Oracle Transportation Management 6.3.1
Oracle Transportation Management 6.3.7.1
Oracle Transportation Management 6.3.7
Oracle Transportation Management 6.3.6.1
Oracle Transportation Management 6.3.6
Oracle Transportation Management 6.3.5.1
Oracle Transportation Management 6.3.4.1
Oracle Transportation Management 6.3
Oracle Transportation Management 6.2
Oracle Transportation Management 6.1
Oracle Sun ZFS Storage Appliance Kit (AK) 2013
Oracle Solaris Cluster 4.3
Oracle Solaris Cluster 3.3
Oracle SOA Suite 11.1.1.7.0
Oracle Siebel Applications 17.0
Oracle Siebel Applications 16.0
Oracle Secure Global Desktop 5.3
Oracle Retail Xstore Point of Service 15.0.1
Oracle Retail Xstore Point of Service 15.0
Oracle Primavera Unifier 9.14
Oracle Primavera Unifier 9.13
Oracle Primavera Unifier 16.2
Oracle Primavera Unifier 16.1
Oracle Primavera Unifier 15.2
Oracle Primavera Unifier 15.1
Oracle Primavera Unifier 10.1
Oracle Primavera Unifier 10.0
Oracle Primavera P6 Enterprise Project Portfolio Management 8.3
Oracle PeopleSoft Enterprise PRTL Interaction Hub 9.1.0
Oracle PeopleSoft Enterprise PeopleTools 8.56
Oracle PeopleSoft Enterprise PeopleTools 8.55
Oracle PeopleSoft Enterprise PeopleTools 8.54
Oracle PeopleSoft Enterprise FSCM 9.2
Oracle Outside In Technology 8.5.3.0
Oracle Oracle E-Business Suite Release 12 12.2.5
Oracle Oracle E-Business Suite Release 12 12.2.4
Oracle Oracle E-Business Suite Release 12 12.2.3
Oracle Oracle E-Business Suite Release 12 12.1.3
Oracle Oracle E-Business Suite Release 12 12.1.2
Oracle Oracle E-Business Suite Release 12 12.1.1
Oracle MySQL Server 5.7.18
Oracle MySQL Server 5.7.17
Oracle MySQL Server 5.7.16
Oracle MySQL Server 5.7.15
Oracle MySQL Server 5.7.12
Oracle MySQL Server 5.7
Oracle MySQL Server 5.6.36
Oracle MySQL Server 5.6.35
Oracle MySQL Server 5.6.34
Oracle MySQL Server 5.6.33
Oracle MySQL Server 5.6.30
Oracle MySQL Server 5.6.29
Oracle MySQL Server 5.6.28
Oracle MySQL Server 5.6.27
Oracle MySQL Server 5.6.26
Oracle MySQL Server 5.6.23
Oracle MySQL Server 5.6.22
Oracle MySQL Server 5.6.21
Oracle MySQL Server 5.5.56
Oracle MySQL Server 5.5.55
Oracle MySQL Server 5.5.54
Oracle MySQL Server 5.5.53
Oracle MySQL Server 5.5.52
Oracle MySQL Server 5.5.48
Oracle MySQL Server 5.5.47
Oracle MySQL Server 5.5.46
Oracle MySQL Server 5.5.45
Oracle MySQL Server 5.5.42
Oracle MySQL Server 5.5.41
Oracle MySQL Server 5.5.40
Oracle MySQL Server 5.6.25
Oracle MySQL Server 5.6.24
Oracle MySQL Server 5.6.20
Oracle MySQL Server 5.6.16
Oracle MySQL Server 5.6.15
Oracle MySQL Server 5.6
Oracle MySQL Server 5.5.44
Oracle MySQL Server 5.5.43
Oracle MySQL Server 5.5.36
Oracle MySQL Server 5.5.35
Oracle MySQL Enterprise Monitor 3.3.3.1199
Oracle MySQL Enterprise Monitor 3.3.2.1162
Oracle MySQL Enterprise Monitor 3.2.7.1204
Oracle MySQL Enterprise Monitor 3.2.5.1141
Oracle MySQL Enterprise Monitor 3.1.5.7958
Oracle MySQL Connectors 5.3.7
Oracle MySQL Connectors 6.1.10
Oracle MySQL Cluster 7.3.5
Oracle MICROS Retail XBRi Loss Prevention 10.8.1
Oracle MICROS Retail XBRi Loss Prevention 10.8
Oracle MICROS Retail XBRi Loss Prevention 10.7.7
Oracle MICROS Retail XBRi Loss Prevention 10.7
Oracle MICROS Retail XBRi Loss Prevention 10.6
Oracle MICROS Retail XBRi Loss Prevention 10.5
Oracle MICROS Retail XBRi Loss Prevention 10.0.1
Oracle JRE(Windows Production Release) 1.9
Oracle JRE(Windows Production Release) 1.8 Update 144
Oracle JRE(Windows Production Release) 1.7 Update 151
Oracle JRE(Windows Production Release) 1.6 Update 161
Oracle JRE(Solaris Production Release) 1.9
Oracle JRE(Solaris Production Release) 1.8 Update 144
Oracle JRE(Solaris Production Release) 1.7 Update 151
Oracle JRE(Solaris Production Release) 1.6 Update 161
Oracle JRE(Linux Production Release) 1.9
Oracle JRE(Linux Production Release) 1.8 Update 144
Oracle JRE(Linux Production Release) 1.7 Update 151
Oracle JRE(Linux Production Release) 1.6 Update 161
Oracle JDK(Windows Production Release) 1.9
Oracle JDK(Windows Production Release) 1.8 Update 144
Oracle JDK(Windows Production Release) 1.7 Update 151
Oracle JDK(Windows Production Release) 1.6 Update 161
Oracle JDK(Solaris Production Release) 1.9
Oracle JDK(Solaris Production Release) 1.8 Update 144
Oracle JDK(Solaris Production Release) 1.7 Update 151
Oracle JDK(Solaris Production Release) 1.6 Update 161
Oracle JDK(Linux Production Release) 1.9
Oracle JDK(Linux Production Release) 1.8 Update 144
Oracle JDK(Linux Production Release) 1.7 Update 151
Oracle JDK(Linux Production Release) 1.6 Update 161
Oracle Java Advanced Management Console 2.7
Oracle Identity Manager 11.1.2.3.0
Oracle Hyperion Financial Reporting 11.1.2.4
Oracle Hyperion BI+ 11.1.2 3
Oracle Hyperion BI+ 11.1.2 2
Oracle Hospitality Hotel Mobile 1.1
Oracle Hospitality Cruise AffairWhere 2.2.7.0
Oracle Hospitality Cruise AffairWhere 2.2.6.0
Oracle Hospitality Cruise AffairWhere 2.2.5.0
Oracle Hospitality Cruise AffairWhere 2.2.05.062
Oracle Healthcare Master Person Index 4.0.1.0
Oracle Healthcare Master Person Index 4.0.1
Oracle Glassfish Server 3.1.2
Oracle Glassfish Server 3.0.1
Oracle Fusion Middleware 11.1.2 3.0
Oracle Fusion Middleware 11.1.2 2.0
Oracle Fusion Middleware 11.1.1 7.0
Oracle Fusion Middleware 12.2.1.3
Oracle Fusion Middleware 12.2.1.2.0
Oracle Fusion Middleware 12.2.1.2
Oracle Fusion Middleware 12.2.1.1
Oracle Fusion Middleware 12.1.3.0.0
Oracle Fusion Middleware 11.1.1.9
Oracle Fusion Applications 11.1.9
Oracle Fusion Applications 11.1.8
Oracle Fusion Applications 11.1.7
Oracle Fusion Applications 11.1.6
Oracle Fusion Applications 11.1.5
Oracle Fusion Applications 11.1.4
Oracle Fusion Applications 11.1.3
Oracle Fusion Applications 11.1.2
Oracle Fujitsu server M10-4S
Oracle Fujitsu server M10-4
Oracle Fujitsu server M10-1
Oracle FLEXCUBE Universal Banking 12.3
Oracle FLEXCUBE Universal Banking 12.2
Oracle FLEXCUBE Universal Banking 12.1
Oracle FLEXCUBE Universal Banking 12.0.3
Oracle FLEXCUBE Universal Banking 12.0.2
Oracle FLEXCUBE Universal Banking 12.0.1
Oracle FLEXCUBE Universal Banking 11.4
Oracle FLEXCUBE Universal Banking 11.3
Oracle Enterprise Manager Ops Center 12.3.2
Oracle Enterprise Manager Ops Center 12.2.2
Oracle Edwards World Security A9.4
Oracle Edwards World Security A9.3
Oracle Edwards World Security A9.2
Oracle Edwards World Security A9.1
Oracle Edwards EnterpriseOne Tools 9.2
Oracle E-Business Suite Release 12 12.2.6
Oracle Business Process Management Suite 12.2.1.2.0
Oracle Business Process Management Suite 12.2.1.1.0
Oracle Business Process Management Suite 12.1.3.0.0
Oracle Business Process Management Suite 11.1.1.9.0
Oracle Business Process Management Suite 11.1.1.7.0
Oracle Business Intelligence Enterprise Edition 12.2.1.2.0
Oracle Business Intelligence Enterprise Edition 12.2.1.1.0
Oracle Business Intelligence Enterprise Edition 11.1.1.9.0
Oracle Business Intelligence Enterprise Edition 11.1.1.7.0
Oracle BI Publisher 12.2.1.2.0
Oracle BI Publisher 12.2.1.0.0
Oracle BI Publisher 11.1.1.9.0
Oracle BI Publisher 11.1.1.7.0
Oracle API Gateway 11.1.2.4.0
Oracle Agile PLM 9.3.5
Oracle Agile PLM 9.3.6
Oracle Agile Engineering Data Management 6.2
Oracle Agile Engineering Data Management 6.1.3
Oracle Access Manager 11.1.2.3.0


Not Vulnerable:

Exploit


Some of these issues may not require specific exploit code and may be trivial to exploit.


Related Posts