Oracle January 2019 Critical Patch Update Multiple Vulnerabilities

Oracle has released advance notification regarding the January 2019 Critical Patch Update (CPU) to be released on January 15, 2019. The update addresses 276 vulnerabilities affecting the following software:

Enterprise Manager Base Platform, versions, 13.2, 13.3
Enterprise Manager for Virtualization, versions 13.2.2, 13.2.3, 13.3.1
Enterprise Manager Ops Center, versions 12.2.2, 12.3.3
Hyperion BI+, version
Java Advanced Management Console, version 2.12
JD Edwards EnterpriseOne Tools, version 9.2
JD Edwards World Security, versions A9.3, A9.3.1, A9.4
MySQL Connectors, versions 2.1.8 and prior, 8.0.13 and prior
MySQL Enterprise Monitor, versions 4.0.7 and prior, 8.0.13 and prior
MySQL Server, versions 5.6.42 and prior, 5.7.24 and prior, 8.0.13 and prior
MySQL Workbench, versions 8.0.13 and prior
Oracle Agile Engineering Data Management, versions 6.1.3, 6.2.0, 6.2.1
Oracle Agile PLM, versions 9.3.3, 9.3.4, 9.3.5, 9.3.6
Oracle Agile Product Lifecycle Management for Process, versions,,,,
Oracle API Gateway, version
Oracle Application Testing Suite, versions,,
Oracle Argus Safety, versions 8.1, 8.2
Oracle Banking Platform, versions 2.5.0, 2.6.0, 2.6.1, 2.6.2
Oracle Business Process Management Suite, versions,,
Oracle Communications Billing and Revenue Management, versions 7.5, 12.0
Oracle Communications Converged Application Server, versions prior to
Oracle Communications Converged Application Server - Service Controller, version 6.1
Oracle Communications Diameter Signaling Router (DSR), versions prior to 8.3
Oracle Communications Online Mediation Controller, version 6.1
Oracle Communications Performance Intelligence Center (PIC) Software, versions prior to 10.2.1
Oracle Communications Policy Management, versions prior to 12.5
Oracle Communications Service Broker, version 6.0
Oracle Communications Services Gatekeeper, versions prior to
Oracle Communications Session Border Controller, versions prior to SCz7310p4, prior to SCz740m2p3, prior to SCz741m1p5, prior to SCz800p7, prior to SCz810m1p9
Oracle Communications Unified Inventory Management, versions prior to 7.4.0
Oracle Communications Unified Session Manager, versions prior to SCz740m2p3, prior to SCz741m1p5, prior to SCz810m1p9
Oracle Communications WebRTC Session Controller, versions prior to 7.2
Oracle Database Server, versions,,, 18c
Oracle E-Business Suite, versions 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8
Oracle Endeca Server, version 7.7.0
Oracle Enterprise Communications Broker, versions prior to PCz220p1, prior to PCz300p2
Oracle Enterprise Repository, versions
Oracle Enterprise Session Border Controller, versions prior to ECz750p12, prior to ECz800p5
Oracle Financial Services Analytical Applications Infrastructure, versions 7.3.3, 7.3.5, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7
Oracle FLEXCUBE Direct Banking, version 12.0.2
Oracle FLEXCUBE Investor Servicing, versions 12.0.4, 12.1.0, 12.3.0, 12.4.0, 14.0.0
Oracle Fusion Middleware MapViewer, version
Oracle GoldenGate Application Adapters, version
Oracle Health Sciences Information Manager, version 3.0
Oracle Healthcare Foundation, versions 7.1, 7.2
Oracle Healthcare Master Person Index, versions 3.0, 4.0
Oracle Hospitality Cruise Fleet Management, version 9.0.10
Oracle Hospitality Cruise Shipboard Property Management System, version 8.0.8
Oracle Hospitality Reporting and Analytics, version 9.1.0
Oracle Hospitality Simphony, version 2.10
Oracle HTTP Server, version
Oracle Insurance Calculation Engine, version 10.2
Oracle Insurance Insbridge Rating and Underwriting, versions 5.2, 5.4, 5.5
Oracle Insurance Policy Administration J2EE, versions 10.0, 10.2
Oracle Insurance Rules Palette, versions 10.0, 10.2
Oracle Java SE, versions 7u201, 8u192, 11.0.1
Oracle Java SE Embedded, version 8u191
Oracle Managed File Transfer, versions,
Oracle Outside In Technology, versions 8.5.3, 8.5.4
Oracle Reports Developer, version
Oracle Retail Back Office, versions 13.3, 13.4, 14.0, 14.1
Oracle Retail Central Office, versions 13.3, 13.4, 14.0, 14.1
Oracle Retail Convenience and Fuel POS Software, version 2.8.1
Oracle Retail Customer Insights, versions 15.0, 16.0
Oracle Retail Integration Bus, version 17.0
Oracle Retail Merchandising System, version 14.1
Oracle Retail Returns Management, versions 13.3, 13.4, 14.0, 14.1
Oracle Retail Sales Audit, version 15.0
Oracle Retail Service Backbone, versions 13.1, 13.2, 14.0, 14.1, 15.0, 16.0
Oracle Retail Workforce Management Software, versions 1.60.9, 1.64.0
Oracle Retail Xstore Payment, version 3.3
Oracle Secure Global Desktop (SGD), version 5.4
Oracle Service Architecture Leveraging Tuxedo, versions,
Oracle SOA Suite, versions,
Oracle Transportation Management, versions 6.3.7, 6.4.1, 6.4.2, 6.4.3
Oracle Utilities Framework, version
Oracle Utilities Network Management System, versions,,,
Oracle VM VirtualBox, versions prior to 5.2.24, prior to 6.0.2
Oracle Web Cache, version
Oracle WebCenter Portal, versions,
Oracle WebCenter Sites, version
Oracle WebLogic Server, versions,,
OSS Support Tools, versions prior to 19.1
PeopleSoft Enterprise CC Common Application Objects, version 9.2
PeopleSoft Enterprise CS Campus Community, versions 9.0, 9.2
PeopleSoft Enterprise HCM eProfile Manager Desktop, version 9.2
PeopleSoft Enterprise PeopleTools, versions 8.55, 8.56, 8.57
PeopleSoft Enterprise SCM eProcurement, version 9.2
Primavera P6 Enterprise Project Portfolio Management, versions 8.4, 15.1, 15.2, 16.1, 16.2, 17.7-17.12, 18.8
Primavera Unifier, versions 16.1, 16.2, 17.1-17.12, 18.8
Siebel Applications, versions 18.10, 18.11, 18.12
Solaris, versions 10, 11
Sun ZFS Storage Appliance Kit (AK), versions prior to 8.8.1
Tape Library ACSLS, version 8.4

Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system.


Privacy Statement
Copyright 2010, SecurityFocus