Oracle April 2018 Critical Patch Update Multiple Vulnerabilities



Oracle has released advance notification regarding the January 2018 Critical Patch Update (CPU) to be released on April 17, 2018. The update addresses 251 vulnerabilities affecting the following software:
Enterprise Manager Base Platform
Enterprise Manager for MySQL Database
Enterprise Manager for Virtualization
Enterprise Manager Ops Center
Hardware Management Pack
Instantis EnterpriseTrack
JD Edwards EnterpriseOne Tools
JD Edwards World Security
Management Pack for Oracle GoldenGate
MICROS Handheld Terminal
MICROS Lucas
MySQL Cluster
MySQL Enterprise Monitor
MySQL Server
Oracle Access Manager
Oracle Adaptive Access Manager
Oracle Agile Engineering Data Management
Oracle Agile PLM Framework
Oracle Agile Product Lifecycle Management for Process
Oracle Application Testing Suite
Oracle Banking Corporate Lending
Oracle Banking Enterprise Collections
Oracle Banking Enterprise Originations
Oracle Banking Enterprise Product Manufacturing
Oracle Banking Payments
Oracle Banking Platform
Oracle Big Data Discovery
Oracle Business Intelligence Data Warehouse Administration Console
Oracle Business Intelligence Enterprise Edition
Oracle Communications Calendar Server
Oracle Communications Contacts Server
Oracle Communications EAGLE LNP Application Processor
Oracle Communications Messaging Server
Oracle Communications MetaSolv Solution
Oracle Communications Network Charging and Control
Oracle Communications Network Intelligence
Oracle Communications Order and Service Management
Oracle Communications Unified Inventory Management
Oracle Data Visualization Desktop
Oracle Database Server
Oracle E-Business Suite
Oracle Endeca Information Discovery Integrator
Oracle Endeca Information Discovery Studio
Oracle Endeca Server
Oracle Enterprise Repository
Oracle Financial Services Analytical Applications Infrastructure
Oracle Financial Services Basel Regulatory Capital Basic
Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach
Oracle Financial Services Hedge Management and IFRS Valuations
Oracle Financial Services Market Risk Measurement and Management
Oracle FLEXCUBE Core Banking
Oracle FLEXCUBE Enterprise Limits and Collateral Management
Oracle FLEXCUBE Investor Servicing
Oracle FLEXCUBE Private Banking
Oracle FLEXCUBE Universal Banking
Oracle Fusion Applications
Oracle Fusion Middleware
Oracle Fusion Middleware MapViewer
Oracle GoldenGate
Oracle GoldenGate Veridata
Oracle Hospitality Cruise Fleet Management System
Oracle Hospitality Guest Access
Oracle Hospitality Reporting and Analytics
Oracle Hospitality Simphony
Oracle Hospitality Simphony First Edition
Oracle Hospitality Suite8
Oracle HTTP Server
Oracle Java SE
Oracle Java SE Embedded
Oracle JRockit
Oracle Managed File Transfer
Oracle Mobile Security Suite
Oracle Outside In Technology
Oracle Retail Advanced Inventory Planning
Oracle Retail Back Office
Oracle Retail Central Office
Oracle Retail Customer Engagement
Oracle Retail EFTLink
Oracle Retail Insights
Oracle Retail Integration Bus
Oracle Retail Invoice Matching
Oracle Retail Merchandising System
Oracle Retail Order Broker
Oracle Retail Order Management System
Oracle Retail Point-of-Service
Oracle Retail Predictive Application Server
Oracle Retail Price Management
Oracle Retail Returns Management
Oracle Retail Store Inventory Management
Oracle Retail Xstore Point of Service
Oracle Secure Global Desktop (SGD)
Oracle Security Service
Oracle Transportation Management
Oracle Tuxedo
Oracle Utilities Framework
Oracle VM VirtualBox
Oracle WebCenter Content
Oracle WebCenter Portal
Oracle WebCenter Sites
Oracle WebLogic Portal
Oracle WebLogic Server
OSS Support Tools
PeopleSoft Enterprise HCM
PeopleSoft Enterprise PeopleTools
PeopleSoft Enterprise PRTL Interaction Hub
PeopleSoft Enterprise PT PeopleTools
Primavera P6 Enterprise Project Portfolio Management
Primavera Unifier
Real-Time Decisions (RTD) Solutions
Siebel Applications
Solaris
Solaris Cluster
Sun ZFS Storage Appliance Kit (AK)
Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system.

Information

Bugtraq ID: 103743
Class: Unknown
CVE:
Remote: Yes
Local: Yes
Published: Apr 13 2018 12:00AM
Updated: Apr 13 2018 12:00AM
Credit: Oracle
Vulnerable: Oracle Weblogic Server 10.3.6 0
Oracle Weblogic Server 12.2.1.3
Oracle Weblogic Server 12.2.1.2
Oracle Weblogic Server 12.1.3.0
Oracle Weblogic Portal 10.3.6.0.0
Oracle WebCenter Sites 11.1.1 8.0
Oracle WebCenter Sites 12.2.1.3.0
Oracle WebCenter Sites 12.2.1.2.0
Oracle WebCenter Portal 12.2.1.3.0
Oracle WebCenter Portal 12.2.1.2.0
Oracle WebCenter Content 12.2.1.3.0
Oracle WebCenter Content 12.2.1.2.0
Oracle WebCenter Content 11.1.1.9.0
Oracle VM VirtualBox 5.2.10
Oracle VM VirtualBox 5.1.36
Oracle Utilities Framework 4.3
Oracle Utilities Framework 4.2
Oracle Utilities Framework 2.2
Oracle Tuxedo 12.1.1.0.0
Oracle Transportation Management 6.4.3
Oracle Transportation Management 6.2
Oracle Sun ZFS Storage Appliance Kit 8.7.17
Oracle Solaris Cluster 4.3
Oracle Solaris 11.3
Oracle Solaris 10
Oracle Security Service 12.2.1.2.0
Oracle Security Service 12.1.3.0.0
Oracle Secure Global Desktop 5.3
Oracle Retail Xstore Point of Service 16.0.3
Oracle Retail Xstore Point of Service 15.0.2
Oracle Retail Xstore Point of Service 7.1.7
Oracle Retail Xstore Point of Service 7.0.7
Oracle Retail Xstore Point of Service 6.5.12
Oracle Retail Xstore Point of Service 6.0.12
Oracle Retail Xstore Point of Service 7.1
Oracle Retail Xstore Point of Service 7.0
Oracle Retail Xstore Point of Service 6.5
Oracle Retail Xstore Point of Service 6.0
Oracle Retail Xstore Point of Service 16.0
Oracle Retail Store Inventory Management 16.0.1
Oracle Retail Store Inventory Management 15.0.2
Oracle Retail Store Inventory Management 14.1.3
Oracle Retail Store Inventory Management 14.0.4
Oracle Retail Store Inventory Management 13.2.9
Oracle Retail Store Inventory Management 13.1.9
Oracle Retail Store Inventory Management 13.0.7
Oracle Retail Store Inventory Management 12.0.12
Oracle Retail Returns Management 14.1.3
Oracle Retail Returns Management 14.0.4
Oracle Retail Returns Management 2.4.9
Oracle Retail Returns Management 2.3.8
Oracle Retail Price Management 16.0
Oracle Retail Price Management 15.0
Oracle Retail Price Management 14.1
Oracle Retail Price Management 14.0
Oracle Retail Price Management 13.2
Oracle Retail Price Management 13.1
Oracle Retail Price Management 13.0
Oracle Retail Price Management 12.0
Oracle Retail Predictive Application Server 14.1.3
Oracle Retail Predictive Application Server 14.0.3
Oracle Retail Predictive Application Server 13.4.3
Oracle Retail Point-of-Service 14.1.3
Oracle Retail Point-of-Service 14.0.4
Oracle Retail Point-of-Service 13.4.9
Oracle Retail Point-of-Service 13.3.8
Oracle Retail Order Management System 5.0
Oracle Retail Order Management System 4.7
Oracle Retail Order Management System 4.5
Oracle Retail Order Management System 4.0
Oracle Retail Order Broker 5.2
Oracle Retail Order Broker 5.1
Oracle Retail Order Broker 5.0
Oracle Retail Order Broker 16.0
Oracle Retail Order Broker 15.0
Oracle Retail Merchandising System 16.0
Oracle Retail Invoice Matching 16.0
Oracle Retail Invoice Matching 15.0
Oracle Retail Invoice Matching 14.1
Oracle Retail Invoice Matching 14.0
Oracle Retail Invoice Matching 13.2
Oracle Retail Invoice Matching 13.1
Oracle Retail Invoice Matching 13.0
Oracle Retail Invoice Matching 12.0
Oracle Retail Integration Bus 13.2
Oracle Retail Insights 16.0
Oracle Retail Insights 15.0
Oracle Retail Insights 14.1
Oracle Retail Insights 14.0
Oracle Retail EFTLink 16.0.3
Oracle Retail EFTLink 15.0.2
Oracle Retail EFTLink 1.1.125
Oracle Retail Customer Engagement 16.0
Oracle Retail Central Office 14.1.3
Oracle Retail Central Office 14.0.4
Oracle Retail Central Office 13.4.9
Oracle Retail Back Office 14.1.3
Oracle Retail Back Office 14.0.4
Oracle Retail Back Office 13.4.9
Oracle Retail Advanced Inventory Planning 15.0
Oracle Retail Advanced Inventory Planning 14.1
Oracle Retail Advanced Inventory Planning 13.4
Oracle Retail Advanced Inventory Planning 13.2
Oracle Real-Time Decisions 3.2.0.0.0
Oracle Primavera Unifier 17.0
Oracle Primavera Unifier 16.0
Oracle Primavera P6 Enterprise Project Portfolio Management 17.12
Oracle Primavera P6 Enterprise Project Portfolio Management 17.1
Oracle Primavera P6 Enterprise Project Portfolio Management 16.2
Oracle PeopleSoft Enterprise PT PeopleTools 8.56
Oracle PeopleSoft Enterprise PT PeopleTools 8.55
Oracle PeopleSoft Enterprise PT PeopleTools 8.54
Oracle PeopleSoft Enterprise PRTL Interaction Hub 9.1
Oracle PeopleSoft Enterprise PeopleTools 8.56
Oracle PeopleSoft Enterprise PeopleTools 8.55
Oracle PeopleSoft Enterprise PeopleTools 8.54
Oracle PeopleSoft Enterprise HCM 9.2
Oracle Outside In Technology 8.5.3
Oracle OSS Support Tools 18.2
Oracle MySQL Server 5.7.21
Oracle MySQL Server 5.6.39
Oracle MySQL Server 5.5.59
Oracle MySQL Enterprise Monitor 4.0.2.5168
Oracle MySQL Enterprise Monitor 3.4.5.4248
Oracle MySQL Enterprise Monitor 3.3.7.3306
Oracle MySQL Cluster 7.5.5
Oracle MySQL Cluster 7.4.14
Oracle MySQL Cluster 7.3.16
Oracle MySQL Cluster 7.2.27
Oracle Mobile Security Suite 3.0.1
Oracle MICROS Lucas 2.9.5
Oracle MICROS Handheld Terminal 2.03.0.0.021R
Oracle Management Pack for Oracle GoldenGate 11.2.1.0.13
Oracle Managed File Transfer 12.2.1.3.0
Oracle Managed File Transfer 12.2.1.2.0
Oracle Managed File Transfer 12.1.3.0.0
Oracle JRockit R28.3.17
Oracle JRE (Linux Production Release) 1.8 Update 162
Oracle JRE (Linux Production Release) 1.8 Update 152
Oracle JRE (Linux Production Release) 1.7 Update 171
Oracle JRE (Linux Production Release) 1.7 Update 161
Oracle JRE (Linux Production Release) 1.6 Update 181
Oracle JDK (Windows Production Release) 1.8 Update 152
Oracle JDK (Linux Production Release) 1.8 Update 162
Oracle JDK (Linux Production Release) 1.7 Update 171
Oracle JDK (Linux Production Release) 1.6 Update 181
Oracle JD Edwards World Security A9.4
Oracle JD Edwards World Security A9.3
Oracle JD Edwards World Security A9.2
Oracle JD Edwards EnterpriseOne 9.2.2
Oracle Instantis EnterpriseTrack 17.2
Oracle Instantis EnterpriseTrack 17.1
Oracle HTTP Server 12c 12.1.3
Oracle HTTP Server 12c 12.2.1.2
Oracle Hospitality Suite8 8.0
Oracle Hospitality Simphony First Edition 1.7
Oracle Hospitality Simphony First Edition 1.6
Oracle Hospitality Simphony 2.9
Oracle Hospitality Simphony 2.8
Oracle Hospitality Simphony 2.7
Oracle Hospitality Simphony 2.10
Oracle Hospitality Reporting and Analytics 9.0
Oracle Hospitality Guest Access 4.2.1
Oracle Hospitality Guest Access 4.2
Oracle Hospitality Cruise Fleet Management System 9.0
Oracle Hardware Management Pack 2.4.3
Oracle Hardware Management Pack 2.4.2
Oracle Hardware Management Pack 2.4.1
Oracle Hardware Management Pack 2.4
Oracle GoldenGate Veridata 12.1.3.0.0
Oracle GoldenGate Veridata 11.2.0.1.2
Oracle GoldenGate 12.2.0.1
Oracle Fusion Middleware MapViewer 11.1.1.9.0
Oracle Fusion Middleware MapViewer 11.1.1.7.0
Oracle Fusion Middleware 12.2.1.3
Oracle Fusion Middleware 12.2.1.2
Oracle Fusion Middleware 12.1.3.0
Oracle Fusion Middleware 11.1.2.3
Oracle Fusion Middleware 11.1.1.9
Oracle Fusion Middleware 11.1.1.7
Oracle Fusion Applications 11.1.9
Oracle Fusion Applications 11.1.8
Oracle Fusion Applications 11.1.7
Oracle Fusion Applications 11.1.6
Oracle Fusion Applications 11.1.5
Oracle Fusion Applications 11.1.4
Oracle Fusion Applications 11.1.3
Oracle Fusion Applications 11.1.2
Oracle FLEXCUBE Universal Banking 14.0
Oracle FLEXCUBE Universal Banking 12.4
Oracle FLEXCUBE Universal Banking 12.3
Oracle FLEXCUBE Universal Banking 12.2
Oracle FLEXCUBE Universal Banking 12.1
Oracle FLEXCUBE Universal Banking 12.0.3
Oracle FLEXCUBE Universal Banking 12.0.2
Oracle FLEXCUBE Universal Banking 12.0.1
Oracle FLEXCUBE Universal Banking 11.4
Oracle FLEXCUBE Universal Banking 11.3
Oracle FLEXCUBE Private Banking 12.1
Oracle FLEXCUBE Private Banking 12.0
Oracle FLEXCUBE Investor Servicing 12.4
Oracle FLEXCUBE Investor Servicing 12.3
Oracle FLEXCUBE Investor Servicing 12.1
Oracle FLEXCUBE Investor Servicing 12.0.4
Oracle FLEXCUBE Enterprise Limits and Collateral Management 14.0
Oracle FLEXCUBE Enterprise Limits and Collateral Management 12.3
Oracle FLEXCUBE Core Banking 11.7
Oracle FLEXCUBE Core Banking 11.6
Oracle FLEXCUBE Core Banking 11.5
Oracle Financial Services Market Risk Measurement and Management 8.0.5
Oracle Financial Services Hedge Management and IFRS Valuations 8.0.5
Oracle Financial Services Hedge Management and IFRS Valuations 8.0.4
Oracle Financial Services Basel Regulatory Capital Internal Ratings Bas 8.0
Oracle Financial Services Basel Regulatory Capital Basic 8.0
Oracle Financial Services Analytical Applications Infrastructure 8.0
Oracle Financial Services Analytical Applications Infrastructure 7.3
Oracle Enterprise Repository 12.1.3.0.0
Oracle Enterprise Repository 11.1.1.7.0
Oracle Enterprise Manager Ops Center 12.3.3
Oracle Enterprise Manager Ops Center 12.2.2
Oracle Enterprise Manager for Virtualization 13.2
Oracle Enterprise Manager for MySQL Database 12.1.0.4
Oracle Enterprise Manager 13.2.0.0
Oracle Enterprise Manager 12.1.0.5
Oracle Endeca Server 7.7
Oracle Endeca Information Discovery Studio 7.7.0.0.0
Oracle Endeca Information Discovery Studio 7.6.1.0.0
Oracle Endeca Information Discovery Integrator 3.2
Oracle Endeca Information Discovery Integrator 3.1
Oracle E-Business Suite 12.2.7
Oracle E-Business Suite 12.2.6
Oracle E-Business Suite 12.2.3
Oracle E-Business Suite 12.1.2
Oracle E-Business Suite 12.1.1
Oracle E-Business Suite 12.2.5
Oracle E-Business Suite 12.2.4
Oracle E-Business Suite 12.1.3
Oracle Database Server 12.2.0.1
Oracle Database Server 12.1.0.2
Oracle Database Server 11.2.0.4.0
Oracle Data Visualization Desktop 12.2.4.1.1
Oracle Communications Unified Inventory Management 7.0
Oracle Communications Order and Service Management 7.3.5.0.0
Oracle Communications Order and Service Management 7.3.1.0.7
Oracle Communications Order and Service Management 7.3.0.1.0
Oracle Communications Order and Service Management 7.2.4.3.0
Oracle Communications Network Intelligence 7.3
Oracle Communications Network Charging and Control 5.0.2.0.0
Oracle Communications Network Charging and Control 5.0.1.0.0
Oracle Communications Network Charging and Control 5.0.0.2.0
Oracle Communications Network Charging and Control 5.0.0.1.0
Oracle Communications Network Charging and Control 4.4.1.5.0
Oracle Communications MetaSolv Solution 6.3
Oracle Communications Messaging Server 8.0
Oracle Communications EAGLE LNP Application Processor 10.1.0.0.0
Oracle Communications Contacts Server 8.0
Oracle Communications Calendar Server 8.0
Oracle Business Intelligence Enterprise Edition 12.2.1.3.0
Oracle Business Intelligence Enterprise Edition 12.2.1.2.0
Oracle Business Intelligence Enterprise Edition 11.1.1.9.0
Oracle Business Intelligence Enterprise Edition 11.1.1.7.0
Oracle Business Intelligence Data Warehouse Administration Console 11.1.1.6.4
Oracle Big Data Discovery 1.6
Oracle Banking Platform 2.6
Oracle Banking Platform 2.5
Oracle Banking Platform 2.4
Oracle Banking Payments 14.0
Oracle Banking Payments 12.5
Oracle Banking Payments 12.4
Oracle Banking Payments 12.3
Oracle Banking Enterprise Product Manufacturing 2.6
Oracle Banking Enterprise Originations 2.6
Oracle Banking Enterprise Collections 2.6
Oracle Banking Corporate Lending 14.0
Oracle Banking Corporate Lending 12.5
Oracle Banking Corporate Lending 12.4
Oracle Banking Corporate Lending 12.3
Oracle Application Testing Suite 13.2.0.1
Oracle Application Testing Suite 13.1.0.1
Oracle Application Testing Suite 12.5.0.3
Oracle Agile Product Lifecycle Management for Process 6.2.1.0
Oracle Agile Product Lifecycle Management for Process 6.2.0.0
Oracle Agile Product Lifecycle Management for Process 6.1.1.6
Oracle Agile PLM Framework 9.3.6
Oracle Agile Engineering Data Management 6.2.1
Oracle Agile Engineering Data Management 6.2
Oracle Agile Engineering Data Management 6.1.3
Oracle Adaptive Access Manager 11.1.2.3.0
Oracle Access Manager 12.2.1.3.0
Oracle Access Manager 11.1.2.3.0
Oracle Access Manager 10.1.4.3.0


Not Vulnerable:

Exploit


Some of these issues may not require specific exploit code and may be trivial to exploit.

