[German]Oracle has released a number of critical updates for its products as of October 16, 2018. Here is an overview of these updates.
Oracle: Critical Patch Update October 2018
The Critical Patch Update from Oracle is not a single update, but a list of critical security updates. I got aware of the new release through @PhantomofMobile via Twitter.
ORACLE @Oracle CRITICAL PATCH UPDATE EMAIL FOR OCTOBER 2018:
ICYMI: @SBSDiva @woodyleonhard @AdminKirsty @thurrott @maryjofoley @bdsams @mehedih_ @ruthm @etguenni @SwiftOnSecurity @pcper @MalwareJake @GossiTheDog @ryanshrout @JobCackahttps://t.co/8geVpNL9l6
1/2
— Crysta T. Lacey (@PhantomofMobile) 16. Oktober 2018
The notifications can be found on this Oracle page – a list of previous Critical Patch Updates can be found here.
Updates for many Oracle products
Details of critical updates for each Oracle product can be found here. Oracle recommends that you install the updates as soon as possible.
- There are critical vulnerabilities in Oracle's E-Business Suite Application Management Pack for Oracle E-Business Suite, versions 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7
- Vulnerabilities in the Enterprise Manager were identified in the Base Platform (V12.1.0.5, 13.2), the Enterprise Manager für den SQL-Server (V12.2.2, 12.3.3) and the OPS Center (V12.2.2, 12.3.3).
- Fixes for Fusion Middleware for Hyperion BI+, version 11.1.2.4, Hyperion Common Events, version 11.1.2.4, Hyperion Data Relationship Management, version 11.1.2.4.345, and Hyperion Essbase Administration Services, version 11.1.2.4 are available.
Further fixes refer to Oracle Business Intelligence Enterprise Edition, versions 11.1.1.7.0, 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0, to MySQL, to MICROS PC Workstation and more Oracle products.
Update for Java SE
For the Java Standard Edition (Java SE) updates for versions 6, 7, 8 and 11 have been provided. Here are the links to the relevant documents:
- Oracle Java SE, versions 6u201, 7u191, 8u182, 11
- Oracle Java SE Embedded, versions 8u18, 8u181
- Oracle JRockit, version R28.3.19
This critical patch update includes 12 new security fixes for Oracle Java SE. Eleven (11) of these vulnerabilities can be remotely exploited without authentication – i.e. the vulnerabilities can be exploited over a network (Internet) without requiring user credentials. The English overview with the fixed vulnerabilities can be found here.