Critical patch updates
Oracle regularly releases critical patch updates. These patches are created to resolve a bug or glitch in the system, or to increase the security and effectiveness of the system. It’s important to take note of these updates because it can have an impact on how the applications and databases will react to different vulnerabilities.
If you fail to apply new Oracle patches, your system could be left vulnerable to attacks or threats. The new critical patch update contains 88 new security fixes across product families such as Oracle Database 11g Release 2, versions 18.104.22.168, 22.214.171.124; Oracle Database 11g Release 1, version 126.96.36.199; Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5; Oracle Application Server 10g Release 3, version 10.1.3.5.0 and Oracle DB UM Connector for Oracle Identity Manager, Version 188.8.131.52, among others.
Critical Patch Updates include all fixes for a product from the previous Critical Patch Updates. Patch updates are available for; Oracle Database, Oracle Fusion Middleware, Oracle Enterprise Manager Grid Control, Oracle E-Business Suite Applications, JD Edwards EnterpriseOne, JD Edwards OneWorld Tools, PeopleSoft Enterprise Portal Applications, PeopleSoft Enterprise PeopleTools, Siebel Enterprise, Industry Applications, FLEXCUBE, Primavera and Oracle VM patches in the Critical Patch Updates are cumulative.
Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible. This Critical Patch Update contains 128 new security fixes across the product families listed below.
This Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle’s use of CVRF is available at: http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF.
Whenever a new critical patch update is released, RDB’s database consultants are ready to analyse the client’s current system and to give advice on the best way to implement new updates. Contact RDB Consulting for database management and maintenance – Jennifer Mbesa, firstname.lastname@example.org or +27 (0)11 807 7663
Critical Patch Updates are the primary means of releasing security fixes for Oracle products to customers with valid support contracts. They are released on the Tuesday closest to the 15th day of January, April, July and October. The next four dates are:
• 16 April 2013
• 16 July 2013
• 15 October 2013
• 14 January 2014
A pre-release announcement will be published on the Thursday preceding each CPU release.
Security vulnerabilities addressed by this Critical Patch Update affect the following products:
• Oracle Database 11g Release 2, versions 184.108.40.206, 220.127.116.11
• Oracle Database 11g Release 1, version 18.104.22.168
• Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5
• Oracle Application Express, versions prior to 4.2.1
• Oracle Containers for J2EE, version 10.1.3.5
• Oracle COREid Access, version 10.1.4.3
• Oracle GoldenGate Veridata, version 22.214.171.124
• Oracle HTTP Server, versions 10.1.3.5.0, 126.96.36.199.0, 188.8.131.52.0
• Oracle JRockit, versions R27.7.4 and earlier, R28.2.6 and earlier
• Oracle Outside In Technology, versions 8.3.7, 8.4.0
• Oracle WebCenter Capture, version 10.1.3.5.1
• Oracle WebCenter Content, versions 10.1.3.5.1, 184.108.40.206.0
• Oracle WebCenter Interaction, versions 6.5.1, 10.3.3.0
• Oracle WebCenter Sites, versions 7.6.2, 220.127.116.11.0, 18.104.22.168.1
• Oracle WebLogic Server, versions 10.0.2, 10.3.5, 10.3.6, 12.1.1
• Oracle Web Services Manager, version 22.214.171.124
• Oracle E-Business Suite Release 12, versions 12.0.6, 12.1.1, 12.1.2, 12.1.3
• Oracle E-Business Suite Release 11i, version 126.96.36.199
• Oracle Agile EDM, versions 188.8.131.52, 184.108.40.206, 220.127.116.11
• Oracle Transportation Management, versions 5.5.05, 6.2
• Oracle PeopleSoft HRMS, version 9.1
• Oracle PeopleSoft PeopleTools, versions 8.51, 8.52, 8.53
• Oracle Siebel CRM, versions 8.1.1, 8.2.2
• Oracle Clinical Remote Data Capture Option, versions 4.6.0, 4.6.6
• Oracle Retail Central Office, versions 13.1, 13.2, 13.3, 13.4
• Oracle Retail Integration Bus, versions 13.0, 13.1, 13.2
• Oracle FLEXCUBE Direct Banking, versions 2.8.0 – 12.0.1
• Primavera P6 Enterprise Project Portfolio Management, versions 7.0, 8.1, 8.2
• Oracle and Sun Systems Product Suite
• Oracle Sun Middleware Products
• Oracle MySQL Server, versions 5.1, 5.5, 5.6
• Oracle Automatic Service Request, versions prior to 4.3.2
Here’s the full patch number downloads to be applied
Please click here to view Critical patch updates