[SingCERT] Oracle Critical Patch Update Advisory - October 2013

Published on Thursday, 17 October 2013 16:25

[ Summary ]

Oracle has released a Critical Patch Update (CPU) for October 2013 to address 127 vulnerabilities across multiple products. The update contains the security fixes for these vulnerabilities.

[ Affected Products ]

Oracle Database 11g Release 1, version
Oracle Database 11g Release 2, versions,
Oracle Database 12c Release 1, version
Oracle Fusion Middleware 11g Release 1, versions,
Oracle Access Manager, versions,
Oracle Forms and Reports 11g, Release 2, version
Oracle GlassFish Server, versions 2.1.1, 3.0.1, 3.1.2
Oracle HTTP Server 12c, version 12.1.2
Oracle Identity Analytics, version; Sun Role Manager, versions 4.1, 5.0
Oracle Identity Manager, versions,
Oracle JDeveloper, versions,,
Oracle Outside In Technology, versions 8.4.0, 8.4.1
Oracle Portal, version
Oracle Web Cache, versions,
Oracle WebCenter Content, versions,,,
Oracle WebLogic Server, versions,
Oracle Web Services, versions,
Oracle Enterprise Manager Grid Control 10g Release 1, version
Oracle Enterprise Manager Grid Control 11g Release 1, version
Oracle Enterprise Manager Plugin for Database 12c Release 1, versions,,
Oracle E-Business Suite Release 12i, version 12.1
Oracle Agile PLM Framework, version 9.3.2
Oracle Transportation Management, versions 6.2, 6.3, 6.3.1, 6.3.2
Oracle PeopleSoft HRMS, version 9.1
Oracle PeopleSoft HRMS eCompensation, versions 9.1, 9.2
Oracle PeopleSoft PeopleTools, versions 8.51, 8.52, 8.53
Oracle Siebel Core, versions 8.1.1, 8.2.2
Oracle Siebel Server Remote, versions 8.1.1, 8.2.2
Oracle Siebel UI Framework, versions 8.1.1, 8.2.2
Oracle iLearning, versions 5.2.1, 6.0
Oracle Health Sciences InForm, versions 4.5.x, 4.6.x, 5.0.x, 5.5.x and 6.0.0
Oracle Siebel CTMS, version 8.1.1.x
Oracle Retail Invoice Matching, versions 10.2, 11.0, 12.0, 12.0IN, 12.1, 13.0, 13.1, 13.2
Oracle FLEXCUBE Private Banking, versions 1.7, 2.0, 2.0.1,, 3.0, 12.0.1
Oracle Instantis EnterpriseTrack, versions 8.0.6, 8.5
Oracle Primavera P6 Enterprise Project Portfolio Management, versions 8.1, 8.2, 8.3
Oracle JavaFX, versions 2.2.40 and earlier
Oracle Java JDK and JRE, versions 5.0u51 and earlier, 6u60 and earlier, 7u40 and earlier
Oracle Java SE Embedded, versions 7u40 and earlier
Oracle JRockit, versions R27.7.6 and earlier, R28.2.8 and earlier
Oracle Solaris versions 10, 11.1
Oracle SPARC Enterprise T series and M Series Servers Firmware versions prior to 6.7.13, 7.4.6.c, 8.3.0.b, 9.0.0.d, 9.0.1.e
Oracle Sun Blade 6000 10GBE switched NEM 1.2, Sun Network 10GBE Switch 72P 1.2, Oracle Switch ES1-24 1.3
Oracle Secure Global Desktop, version 5
Oracle VM VirtualBox, versions prior to 3.2.18, 4.0.20, 4.1.28, 4.2.18
Oracle MySQL Server, versions 5.1, 5.5, 5.6
Oracle MySQL Enterprise Monitor, version 2.3

[ Impact Analysis ]

Successful exploitation of some of these vulnerabilities could possibly allow a remote user to access and modify data, and cause partial denial-of-service conditions on the targeted system.

[ Solution/Workaround ]

Oracle has issued a patch. Please refer to the Critical Patch Update by Oracle.

[ Reference ]