Oracle

Oracle Critical Patch Update Advisory - April 2014
Description
A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update
patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical
Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding
earlier published security fixes. Please refer to:
Critical Patch Updates and Security Alerts for information about Oracle Security Advisories.
Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes
as soon as possible. This Critical Patch Update contains 104 new security fixes across the product families listed
below.
Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software
Security Assurance activities is located at https://blogs.oracle.com/security.
This Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability
Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available
at:http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF.
Affected Products and Components

Security vulnerabilities addressed by this Critical Patch Update affect the products listed in the categories below. The
product area of the patches for the listed versions is shown in the Patch Availability column corresponding to the
specified Products and Versions column. Please click on the link in the Patch Availability column below or in
the Patch Availability Table to access the documentation for those patches.
The list of affected product releases and versions that are in Premier Support or Extended Support, under the Oracle
Lifetime Support Policy is as follows:
Affected Products and Versions
Patch Availability
Oracle Database 11g Release 1, version 11.1.0.7
Database
Oracle Database 11g Release 2, versions 11.2.0.3, 11.2.0.4
Database
Oracle Database 12c Release 1, version 12.1.0.1
Database
Oracle Fusion Middleware 11g Release 1, versions 11.1.1.7, 11.1.1.8
Fusion Middleware
Oracle Fusion Middleware 12c Release 1, versions 12.1.1.0, 12.1.2.0
Fusion Middleware
Oracle Fusion Applications, versions 11.1.2 through 11.1.8
Fusion Applications
Oracle Access Manager, versions 10.1.4.3, 11.1.1.3.0, 11.1.1.5.0, 11.1.1.7.0,

11.1.2.0.0, 11.1.2.1.0, 11.1.2.2.0
Fusion Middleware
Oracle Containers for J2EE, version 10.1.3.5
Fusion Middleware
Oracle Data Integrator, version 11.1.1.3.0
Fusion Middleware
Oracle Endeca Server, version 2.2.2
Fusion Middleware
Oracle Event Processing, version 11.1.1.7.0
Fusion Middleware
Oracle Identity Analytics, version 11.1.1.5, Sun Role Manager, version 5.0
Fusion Middleware
Oracle OpenSSO, version 8.0 Update 2 Patch 5
Fusion Middleware
Oracle OpenSSO Policy Agent, version 3.0-03
Fusion Middleware
Oracle WebCenter Portal, versions 11.1.1.7, 11.1.1.8
Fusion Middleware
Oracle WebLogic Server, versions 10.0.2.0, 10.3.6.0, 12.1.1.0, 12.1.2.0
Fusion Middleware
Oracle Hyperion Common Admin, versions 11.1.2.2, 11.1.2.3
Fusion Middleware
Oracle E-Business Suite Release 11i, 12i
E-Business Suite
Affected Products and Versions
Patch Availability
Oracle Agile PLM Framework, versions 9.3.1.1, 9.3.3.0
Oracle Supply Chain
Oracle Agile Product Lifecycle Management for Process, versions 6.0.0.7, 6.1.1.3 Oracle Supply Chain
Oracle Transportation Management, versions 6.3, 6.3.4
Oracle Supply Chain
Oracle PeopleSoft Enterprise CS Campus Self Service, version 9.0
PeopleSoft
Oracle PeopleSoft Enterprise HRMS Talent Acquisition Manager, versions 8.52,

8.53
PeopleSoft
Oracle PeopleSoft Enterprise PT Tools, versions 8.52, 8.53
PeopleSoft
Oracle Siebel UI Framework, versions 8.1.1, 8.2.2
Siebel
Oracle iLearning, versions 6.0, 6.1
iLearning
Oracle JavaFX, version 2.2.51
Oracle Java SE
Oracle Java SE, versions 5.0u61, 6u71, 7u51, 8
Oracle Java SE
Oracle Java SE Embedded, version 7u51
Oracle Java SE
Oracle JRockit, versions R27.8.1, R28.3.1
Oracle Java SE
Oracle Solaris, versions 9, 10, 11.1
Oracle and Sun Systems

Products Suite
Oracle Secure Global Desktop, versions 4.63, 4.71, 5.0, 5.1
Oracle Linux and Virtualization
Oracle VM VirtualBox, versions prior to 3.2.22, 4.0.24, 4.1.32, 4.2.24, 4.3.10
Oracle MySQL Server, versions 5.5, 5.6
Oracle MySQL Product Suite
Patch Availability Table and Risk Matrices

Products with Cumulative Patches
The Oracle Database, Oracle Fusion Middleware, Oracle Enterprise Manager Grid Control, Oracle E-Business Suite
Applications, JD Edwards EnterpriseOne, JD Edwards OneWorld Tools, PeopleSoft Enterprise Portal Applications,
PeopleSoft Enterprise PeopleTools, Siebel Enterprise, Industry Applications, Primavera and Oracle VM patches in
the Critical Patch Updates are cumulative. In other words, patches for any of these products included in a Critical
Patch Update will include all fixes for that product from the previous Critical Patch Updates. For more information
about cumulative and non-cumulative patches, check the patch availability documents in the table below for the
respective product groups.
Patch Availability Table
For each administered Oracle product, consult the documentation for patch availability information and installation
instructions referenced from the following table. For an overview of the Oracle product documentation related to this
Critical Patch Update, please refer to the Oracle Critical Patch Update April 2014 Documentation Map, My Oracle
Support Note 1637289.1.
Product Group
Oracle Database
Risk Matrix
Oracle Database Risk Matrix
Patch Availability and Installation

Information
Patch Set Update and Critical Patch Update
April 2014 Availability Document, My Oracle
Support Note 1618213.1
Product Group
Patch Availability and Installation

Information
Risk Matrix
Oracle Fusion Middleware
Oracle Fusion Middleware Risk

Matrix

Oracle Fusion Applications
Oracle Database Risk

Matrix andOracle Fusion
Middleware Risk Matrix
Vulnerabilities affecting Oracle

Database and Oracle Fusion Middleware may
affect Oracle Fusion Applications, so Oracle
customers should refer to Oracle Fusion
Applications Critical Patch Update Knowledge
Document (April 2014) My Oracle Support Note
1644949.1 for information on patches to be
applied to Fusion Application environments.
Oracle Hyperion
Oracle Hyperion Risk Matrix

Oracle Applications - E-Business Oracle Database Risk

Suite
Matrix andOracle Fusion
Middleware Risk Matrix
Vulnerabilities affecting Oracle

Database and Oracle Fusion Middleware may
affect Oracle E-Business Suite products, so
Oracle customers should refer to Oracle EBusiness Suite Releases 11i and 12i Critical
Patch Update Knowledge Document (April
2014), My Oracle Support Note 1614525.1 for
information on patches to be applied to EBS
environments.
Oracle Applications - PeopleSoft

Enterprise, Siebel CRM, Oracle
Supply Chain, and iLearning
Product Suite
Oracle PeopleSoft Enterprise

Risk Matrix
Oracle Siebel CRM Risk Matrix
Oracle Supply Chain Risk Matrix
Oracle iLearning Products Risk
Matrix
Critical Patch Update Knowledge Document for

PeopleSoft Enterprise, Siebel Core, Oracle
Supply Chain and Oracle iLearning
Products, My Oracle Support Note 1638652.1
Oracle Java SE
Oracle SE Risk Matrix
Critical Patch Update April 2014 Patch

Availability Document for Java SE, My Oracle
Users running Java SE with a browser can
download the latest release
from http://java.com.Users on the Windows and
Mac OS X platforms can also use automatic
updates to get the latest release.
The latest JavaFX release is included with the
latest update of JDK and JRE 7 and 8.

Products Suite

Products Suite Risk Matrix
Critical Patch Update April 2014 Patch Delivery

Document for Oracle and Sun Systems Product
Suite,My Oracle Support Note 1637067.1

Products

Products Risk Matrix

Oracle MySQL
Oracle MySQL Risk Matrix
Critical Patch Update April 2014 Patch

Availability Document for Oracle MySQL
Products, My Oracle Support Note 1635913.1

Oracle

Încărcat de

Informații document

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Oracle

Încărcat de

Drepturi de autor:

Formate disponibile

Oracle Critical Patch Update Advisory - April 2014

Affected Products and Components

Oracle Database 11g Release 1, version 11.1.0.7

Oracle Database 11g Release 2, versions 11.2.0.3, 11.2.0.4

Oracle Database 12c Release 1, version 12.1.0.1

Oracle Fusion Middleware 11g Release 1, versions 11.1.1.7, 11.1.1.8

Oracle Fusion Middleware 12c Release 1, versions 12.1.1.0, 12.1.2.0

Oracle Fusion Applications, versions 11.1.2 through 11.1.8

Oracle Access Manager, versions 10.1.4.3, 11.1.1.3.0, 11.1.1.5.0, 11.1.1.7.0,

Oracle Containers for J2EE, version 10.1.3.5

Oracle Data Integrator, version 11.1.1.3.0

Oracle Endeca Server, version 2.2.2

Oracle Event Processing, version 11.1.1.7.0

Oracle OpenSSO, version 8.0 Update 2 Patch 5

Oracle OpenSSO Policy Agent, version 3.0-03

Oracle WebCenter Portal, versions 11.1.1.7, 11.1.1.8

Oracle WebLogic Server, versions 10.0.2.0, 10.3.6.0, 12.1.1.0, 12.1.2.0

Oracle Hyperion Common Admin, versions 11.1.2.2, 11.1.2.3

Oracle E-Business Suite Release 11i, 12i

Affected Products and Versions

Oracle Agile PLM Framework, versions 9.3.1.1, 9.3.3.0

Oracle Supply Chain

Oracle Supply Chain

Oracle PeopleSoft Enterprise CS Campus Self Service, version 9.0

Oracle PeopleSoft Enterprise HRMS Talent Acquisition Manager, versions 8.52,

Oracle PeopleSoft Enterprise PT Tools, versions 8.52, 8.53

Oracle Siebel UI Framework, versions 8.1.1, 8.2.2

Oracle iLearning, versions 6.0, 6.1

Oracle JavaFX, version 2.2.51

Oracle Java SE, versions 5.0u61, 6u71, 7u51, 8

Oracle Java SE Embedded, version 7u51

Oracle JRockit, versions R27.8.1, R28.3.1

Oracle Solaris, versions 9, 10, 11.1

Oracle and Sun Systems

Oracle Secure Global Desktop, versions 4.63, 4.71, 5.0, 5.1

Oracle Linux and Virtualization

Oracle VM VirtualBox, versions prior to 3.2.22, 4.0.24, 4.1.32, 4.2.24, 4.3.10

Oracle Linux and Virtualization

Oracle MySQL Server, versions 5.5, 5.6

Oracle MySQL Product Suite

Patch Availability Table and Risk Matrices

Patch Availability Table

Patch Availability and Installation

Patch Availability and Installation

Oracle Fusion Middleware

Oracle Fusion Middleware Risk

Patch Set Update and Critical Patch Update

Oracle Fusion Applications

Oracle Database Risk

Vulnerabilities affecting Oracle

Oracle Hyperion Risk Matrix

Patch Set Update and Critical Patch Update

Oracle Applications - E-Business Oracle Database Risk

Vulnerabilities affecting Oracle

Oracle Applications - PeopleSoft

Oracle PeopleSoft Enterprise

Critical Patch Update Knowledge Document for

Oracle SE Risk Matrix

Critical Patch Update April 2014 Patch

Oracle and Sun Systems

Oracle and Sun Systems

Critical Patch Update April 2014 Patch Delivery

Oracle Linux and Virtualization

Oracle Linux and Virtualization