Oracle to patch Java, other products Tuesday

Summary:47 Oracle products to be patched on Patch Tuesday, with a total of 147 vulnerability fixes, 85 of them for flaws which are remotely-exploitable without authentication.

As is their custom, Oracle will be releasing their January 2014 quarterly patches on Patch Tuesday, the same day as Microsoft.

This group of updates affects 47 products. There are a total of 147 vulnerability fixes; some of the vulnerabilities affect multiple products, so the total number of vulnerabilities addressed is less than 147, but not specified. On Tuesday we will likely have that number when the actual CVE numbers are released.

47 of the fixes are for vulnerabilities which can be exploited remotely without authentication, a measure of extreme severity and an indicator that the fix should be applied as soon as possible, as Oracle advises.

36 of the fixes will be for Java 7 SE products, 34 of them exploitable remotely without authentication.

For each product family, Oracle provides the highest CVSS Base Score of vulnerabilities affecting the products being updated. CVSS is the Common Vulnerability Scoring System, maintained by the Department of Homeland Security National Cyber Security Division and NIST (the National Institite of Standards and Technology). Scores range from 0.1 to 10.0, with 10.0 being as bad as it gets. Oracle explains their use of CVSS scoring on this page.

This list below contains all the products, including versions, affected in Tuesday's updates. The table below that includes the number of vulnerabilities addressed for each product family, the number which are remotely exploitable without authentication, and the maximum CVSS score for vulnerabilities addressed in that family.

  • Oracle Database 11g Release 1, version 11.1.0.7
  • Oracle Database 11g Release 2, versions 11.2.0.3, 11.2.0.4
  • Oracle Database 12c Release 1, version 12.1.0.1
  • Oracle Fusion Middleware 11g Release 1, versions 11.1.1.6, 11.1.1.7
  • Oracle Fusion Middleware 11g Release 2, versions 11.1.2.0, 11.1.2.1
  • Oracle Fusion Middleware 12c Release 2, version 12.1.2
  • Oracle Containers for J2EE, version 10.1.3.5
  • Oracle Enterprise Data Quality, versions 8.1, 9.0.8
  • Oracle Forms and Reports 11g, Release 2, version 11.1.2.1
  • Oracle GlassFish Server, version 2.1.1, Sun Java Application Server, versions 8.1, 8.2
  • Oracle HTTP Server 11g, versions 11.1.1.6, 11.1.1.7
  • Oracle HTTP Server 12c, version 12.1.2
  • Oracle Identity Manager, versions 11.1.1.5, 11.1.1.7, 11.1.2.0, 11.1.2.1
  • Oracle Internet Directory, versions 11.1.1.6, 11.1.1.7
  • Oracle iPlanet Web Proxy Server, version 4.0
  • Oracle iPlanet Web Server, versions 6.1, 7.0
  • Oracle Outside In Technology, versions 8.4.0, 8.4.1
  • Oracle Portal, version 11.1.1.6
  • Oracle Reports Developer, versions 11.1.1.6, 11.1.1.7, 11.1.2.1
  • Oracle Traffic Director, versions 11.1.1.6, 11.1.1.7
  • Oracle WebCenter Portal versions 11.1.1.6.0, 11.1.1.7.0, 11.1.1.8.0
  • Oracle WebCenter Sites versions 11.1.1.6.1, 11.1.1.8.0
  • Hyperion Essbase Administration Services, versions 11.1.2.1, 11.1.2.2, 11.1.2.3
  • Hyperion Strategic Finance, versions 11.1.2.1, 11.1.2.2
  • Oracle E-Business Suite Release 11i, version 11.5.10.2
  • Oracle E-Business Suite Release 12i, versions 12.0.6, 12.1.1, 12.1.2, 12.1.3
  • Oracle Agile Product Lifecycle Management for Process, versions 6.0, 6.1, 6.1.1
  • Oracle AutoVue Electro-Mechanical Professional, versions 20.1.1, 20.2.2
  • Oracle Demantra Demand Management, versions 7.3.1, 12.2.1, 12.2.2, 12.2.3
  • Oracle Transportation Management, versions 5.5.06, 6.0, 6.1, 6.2, 6.3, 6.3.1, 6.3.2
  • Oracle PeopleSoft Enterprise HRMS, versions 9.1.0, 9.2.0
  • Oracle PeopleSoft Enterprise HRMS Human Resources, versions 9.1, 9.2
  • Oracle PeopleSoft Enterprise PeopleTools, versions 8.52, 8.53
  • Oracle PeopleSoft Enterprise SCM Services Procurement, version 9.2
  • Oracle Siebel Core, versions 8.1.1, 8.2.2
  • Oracle Siebel Life Sciences, versions 8.1.1, 8.2.2
  • Oracle iLearning, version 6.0
  • Oracle FLEXCUBE Private Banking, versions 1.7, 2.0, 2.0.1, 2.2.0.1, 3.0, 12.0.1, 12.0.2
  • Oracle JavaFX, versions 2.2.45 and earlier
  • Oracle Java JDK and JRE, versions 5.0u55 and earlier, 6u65 and earlier, 7u45 and earlier
  • Oracle Java SE Embedded, versions 7u45 and earlier
  • Oracle JRockit, versions R27.7.7 and earlier, R28.2.9 and earlier
  • Oracle Solaris versions 8, 9, 10, 11.1
  • Oracle Secure Global Desktop, versions 4.63.x, 4.71.x, 5.0.x, 5.10
  • Oracle VM VirtualBox, versions prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, 4.3.6
  • Oracle MySQL Enterprise Monitor, versions 2.3, 3.0
  • Oracle MySQL Server, versions 5.1, 5.5, 5.6
Product Family

 

Components Affected

Total # Vulnerabilities # remotely exploitable without authentication Maximum CSS Base Score
Oracle Database Server

 

Core RDBMS

Spatial

5 1 5.0
Oracle Fusion Middleware

 

Oracle Containers for J2EE

Oracle Enterprise Data Quality

Oracle GlassFish Server

Oracle HTTP Server

Oracle Identity Manager

Oracle Internet Directory

Oracle iPlanet Web Proxy Server

Oracle iPlanet Web Server

Oracle Outside In Technology

Oracle Portal

Oracle Reports Developer

Oracle Traffic Director

Oracle WebCenter Portal

Oracle WebCenter Sites

25 22 10.0
Oracle Hyperion

 

Hyperion Essbase Administration Services

Hyperion Strategic Finance

2 0 7.1
Oracle E-Business Suite

 

Oracle Application Object Library

Oracle Applications Framework

Oracle Payroll

4 1 5.5
Oracle Supply Chain Products Suite

 

Oracle Agile Product Lifecycle Management for Process

Oracle AutoVue Electro-Mechanical Professional

Oracle Demantra Demand Management

Oracle Transportation Management

16 6 5.5
Oracle PeopleSoft Products

 

PeopleSoft Enterprise HRMS

PeopleSoft Enterprise HRMS Human Resources

PeopleSoft Enterprise PeopleTools

PeopleSoft Enterprise SCM Services Procurement

17 10 5.0
Oracle Siebel CRM

 

Siebel Core - EAI

Siebel Life Sciences

2 1 5.0
Oracle iLearning

 

Oracle iLearning

1 1 4.3
Oracle Financial Services Software Executive Summary

 

Oracle FLEXCUBE Private Banking

1 1 10.0
Java SE

 

Java SE

Java SE Embedded

JavaFX

JRockit

36 34 10.0
Oracle and Sun Systems Products Suite

 

Solaris

11 1 7.2
Oracle Virtualization

 

Oracle Secure Global Desktop (SGD)

Oracle VM VirtualBox

9 4 6.8
Oracle MySQL

 

MySQL Enterprise Monitor

MySQL Server

18 3 10.0

Topics: Security, Oracle

About

Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of sec... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.