Oracle security updates for April 2016

Published: 21.04.2016 | Last modified: 11.01.2017

The most critical vulnerabilities allow remote code execution and do not require authentication.

Oracle has released its scheduled "Critical Patch Update" for April 2016 [1]. A total of 136 vulnerabilities were fixed in this update. Oracle Database Server, E-Business Suite, Fusion Middleware, Java SE and MySQL are among the affected products. See the full list further down.

Those who have a support agreement with Oracle can read more about the vulnerabilities at Oracle Support [2].

NorCERT is not aware of active exploitation of the vulnerabilities, but based on their scope and severity we consider it possible that this may happen.

  1. http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
  2. https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=2126904.1

Affected versions

  • Oracle Database Server (11.2.0.4, 12.1.0.1, 12.1.0.2)
  • Oracle API Gateway (11.1.2.3.0, 11.1.2.4.0)
  • Oracle BI Publisher (12.2.1.0.0)
  • Oracle Business Intelligence Enterprise Edition (11.1.1.7.0, 11.1.1.9.0, 12.2.1.0.0)
  • Oracle Exalogic Infrastructure (1.0, 2.0)
  • Oracle GlassFish Server (2.1.1)
  • Oracle HTTP Server (12.1.2.0, 12.1.3.0)
  • Oracle iPlanet Web Proxy Server (4.0)
  • Oracle iPlanet Web Server (7.0)
  • Oracle OpenSSO (3.0-0.7)
  • Oracle Outside In Technology (8.5.0, 8.5.1, 8.5.2)
  • Oracle Traffic Director (11.1.1.7.0, 11.1.1.9.0)
  • Oracle Tuxedo (12.1.1.0)
  • Oracle WebCenter Sites (11.1.1.8.0, 12.2.1)
  • Oracle WebLogic Server (10.3.6, 12.1.2, 12.1.3, 12.2.1)
  • Oracle Application Testing Suite (12.4.0.2, 12.5.0.2)
  • OSS Support Tools Oracle Explorer (8.11.16.3.8)
  • Oracle E-Business Suite (12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5)
  • Oracle Agile Engineering Data Management (6.1.3.0, 6.2.0.0)
  • Oracle Agile PLM (9.3.1.1, 9.3.1.2, 9.3.2, 9.3.3)
  • Oracle Complex Maintenance, Repair, and Overhaul (12.1.1, 12.1.2, 12.1.3)
  • Oracle Configurator (12.1, 12.2)
  • Oracle Transportation Management (6.1, 6.2)
  • PeopleSoft Enterprise HCM (9.1, 9.2)
  • PeopleSoft Enterprise HCM ePerformance (9.2)
  • PeopleSoft Enterprise PeopleTools (8, 8.53, 8.54, 8.55, 54)
  • PeopleSoft Enterprise SCM (9.1, 9.2)
  • JD Edwards EnterpriseOne Tools (9.1, 9.2)
  • Siebel Applications (8.1.1, 8.2.2)
  • Oracle Communications User Data Repository (10.0.1)
  • Oracle Retail MICROS ARS POS (1.5)
  • Oracle Retail MICROS C2 (9.89.0.0)
  • Oracle Retail Xstore Point of Service (5.0, 5.5, 6.0, 6.5, 7.0, 7.1)
  • Oracle Life Sciences Data Hub (2.1)
  • Oracle FLEXCUBE Direct Banking (12.0.2, 12.0.3)
  • Oracle Java SE (6u113, 7u99, 8u77)
  • Oracle Java SE Embedded (8u77)
  • Oracle JRockit (R28.3.9)
  • Fujitsu M10-1, M10-4, M10-4S Servers (prior to XCP 2290)
  • Oracle Ethernet Switch ES2-72, Oracle Ethernet Switch ES2-64 (prior to 2.0.0.6)
  • Solaris (10, 11.3)
  • Solaris Cluster (4.2)
  • SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers (prior to XCP 1121)
  • Sun Storage Common Array Manager (6.9.0)
  • Oracle VM VirtualBox (prior to 4.3.36, prior to 5.0.18)
  • Sun Ray Software (11.1)
  • MySQL Enterprise Monitor (3.0.25 and prior, 3.1.2 and prior)
  • MySQL Server (5.5.48 and prior, 5.6.29 and prior, 5.7.11 and prior)
  • Oracle Berkeley DB (11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, 12.1.6.1.26)