{"id":2397,"date":"2017-10-18T11:55:25","date_gmt":"2017-10-18T09:55:25","guid":{"rendered":"http:\/\/www.oradba.ch\/?p=2397"},"modified":"2017-10-18T11:55:25","modified_gmt":"2017-10-18T09:55:25","slug":"oracle-cpu-psu-announcement-october-2017","status":"publish","type":"post","link":"https:\/\/www.oradba.ch\/wordpress\/2017\/10\/oracle-cpu-psu-announcement-october-2017\/","title":{"rendered":"Oracle CPU \/ PSU Announcement October 2017"},"content":{"rendered":"<p>The Oracle open world 2017 is over, the dust just  settled down. A perfect time for Oracle to release the October critical patch advisory. With not less than 270 new security vulnerability fixes across the Oracle products it seems to be a rather huge update. From the DB perspective it is nothing unusual. It contains 6 new security fixes for vulnerabilities on Oracle Database 11.2.0.4, 12.1.0.2 and 12.2.0.1. 2 of the vulnerabilities can be used remotely without authentication, but none of the vulnerabilities affect Oracle client installations. Overall the highest CVSS Rating is 8.8 for Oracle Database Server 11.2.0.4 on Windows respectively 7.8 for 12.1.0.2 on Windows and Linux. According to Oracle the following components are affected:<\/p>\n<ul>\n<li>Core RDBMS<\/li>\n<li>Java VM<\/li>\n<li>XML Database<\/li>\n<li>RDBMS Security<\/li>\n<li>Spatial (Apache Groovy)<\/li>\n<li>WLM (Apache Tomcat)<\/li>\n<\/ul>\n<p>Not all of these components are installed by default. It is therefore recommended that you check your database environment to see if it is necessary to apply this critical patch update. OK, I guess <em>Core RDBMS<\/em> is part of you database setup \ud83d\ude42<\/p>\n<p>For Oracle Fusion Middleware the situation looks somehow different. The Critical Patch Update includes not less than 40 fixes for vulnerabilities. Up to 26 vulnerabilities may be remotely exploitable without authentication and are rated with the highest CVSS rating of 9.8.<\/p>\n<p>More details about the patch will follow soon on the Oracle Security Pages.<\/p>\n<ul>\n<li><a href=\"http:\/\/www.oracle.com\/technetwork\/topics\/security\/alerts-086861.html\">Critical Patch Updates and Security Alerts<\/a><\/li>\n<li><a href=\"http:\/\/www.oracle.com\/technetwork\/security-advisory\/cpuoct2017-3236626.html\">Oracle Critical Patch Update Advisory &#8211; October 2017<\/a><\/li>\n<li><a href=\"https:\/\/www.trivadis.com\/en\/tvd-criticalpatchreporttm\">TVD-Critical Patch Report<\/a><\/li>\n<li>Or posted here \ud83d\ude42<\/li>\n<\/ul>\n<p>By the way, Oracle <em>improved<\/em> the table which lists the affected products and components in there <a href=\"http:\/\/www.oracle.com\/technetwork\/security-advisory\/cpuoct2017-3236626.html\">advisory<\/a>. Oracle Database is not a the top of the table any more.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Oracle open world 2017 is over, the dust just settled down. A perfect time for Oracle to release the October critical patch advisory. With not less than 270 new security vulnerability fixes across the Oracle products it seems to be a rather huge update. From the DB perspective it is nothing unusual. It contains [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"Oracle CPU \/ PSU Announcement October 2017","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[8,83,158,46,114,11,116],"tags":[130,18,111],"class_list":["post-2397","post","type-post","status-publish","format-standard","hentry","category-11gr2","category-12cr1","category-12cr2","category-cpu","category-psu-2","category-security","category-spu","tag-trivadis","tag-trivadiscontent","tag-tvdsecexpert"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p1aErb-CF","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":2270,"url":"https:\/\/www.oradba.ch\/wordpress\/2017\/04\/oracle-cpu-psu-announcement-april-2017\/","url_meta":{"origin":2397,"position":0},"title":"Oracle CPU \/ PSU Announcement April 2017","author":"Stefan","date":"19. April 2017","format":false,"excerpt":"Last night Oracle released there new Critical Patch Update. From the DB perspective it is a rather small patch update. It just includes 2 fixes for security vulnerabilities on Oracle database 11.2.0.4 and 12.1.0.2. None of the vulnerabilities are remote exploitable without authentication but one fix is also for client\u2026","rel":"","context":"In &quot;11gR2&quot;","block_context":{"text":"11gR2","link":"https:\/\/www.oradba.ch\/wordpress\/category\/oracle-database\/11gr2\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2243,"url":"https:\/\/www.oradba.ch\/wordpress\/2017\/01\/oracle-cpu-psu-announcement-january-2017\/","url_meta":{"origin":2397,"position":1},"title":"Oracle CPU \/ PSU Announcement January 2017","author":"Stefan","date":"18. January 2017","format":false,"excerpt":"Oracle has published the first Critical Patch Update in 2017. It's quite a huge update with not less than 270 new security vulnerability fixes across the Oracle products. For the Oracle Database itself are 5 security fixes available respectively 2 security fixes for the Oracle Database Server and 3 security\u2026","rel":"","context":"In &quot;11gR2&quot;","block_context":{"text":"11gR2","link":"https:\/\/www.oradba.ch\/wordpress\/category\/oracle-database\/11gr2\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2549,"url":"https:\/\/www.oradba.ch\/wordpress\/2018\/04\/oracle-cpu-psu-april-2018\/","url_meta":{"origin":2397,"position":2},"title":"Oracle CPU \/ PSU April 2018","author":"Stefan","date":"18. April 2018","format":false,"excerpt":"Oracle recently released the spring Critical Patch Advisory. It is the first critical patch update, which also includes fixes for Oracle 18c. Over all it includes 254 new security fixes across the product families. Overall a rather large update, although only a security vulnerability is patched for the Oracle databases.\u2026","rel":"","context":"In &quot;11gR2&quot;","block_context":{"text":"11gR2","link":"https:\/\/www.oradba.ch\/wordpress\/category\/oracle-database\/11gr2\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1523,"url":"https:\/\/www.oradba.ch\/wordpress\/2013\/10\/oracle-released-cpu-psu-october-2013\/","url_meta":{"origin":2397,"position":3},"title":"Oracle released CPU \/ PSU October 2013","author":"Stefan","date":"16. October 2013","format":false,"excerpt":"As announced yesterday in my post Oracle CPU \/ PSU Pre-Release Announcement October 2013, Oracle has now released the last Critical Patch Updates for 2013. Overall this CPU contains 126 new security fixes across several Oracle products like Database Server, MySQL Server, Sun Product Suite, WebLogic Server etc. For Oracle\u2026","rel":"","context":"In &quot;10gR2&quot;","block_context":{"text":"10gR2","link":"https:\/\/www.oradba.ch\/wordpress\/category\/oracle-database\/10gr2\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2815,"url":"https:\/\/www.oradba.ch\/wordpress\/2018\/10\/oracle-cpu-psu-advisory-october-2018\/","url_meta":{"origin":2397,"position":4},"title":"Oracle CPU \/ PSU Advisory October 2018","author":"Stefan","date":"22. October 2018","format":false,"excerpt":"Oracle has recently published the Critical Patch Update Advisory for the October 2018. It's once more quite a heavy update with not less than 301 security vulnerability fixes across the Oracle products. The Oracle database is relatively prominently represented with 3 security vulnerabilities and a maximal CVSS rating of 9.8.\u2026","rel":"","context":"In &quot;12R2&quot;","block_context":{"text":"12R2","link":"https:\/\/www.oradba.ch\/wordpress\/category\/oracle-database\/12r2\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":683,"url":"https:\/\/www.oradba.ch\/wordpress\/2011\/10\/oracle-cpu-psu-pre-release-announcement-october-2011\/","url_meta":{"origin":2397,"position":5},"title":"Oracle CPU \/ PSU Pre-Release Announcement October 2011","author":"Stefan","date":"14. October 2011","format":false,"excerpt":"Oracle has recently published the Pre-Release Announcement for the CPU Patch. This Critical Patch Update contains 56 new security vulnerability fixes for several Oracle products. 4 of these fixes are just for the Oracle Database Server.","rel":"","context":"In &quot;10gR2&quot;","block_context":{"text":"10gR2","link":"https:\/\/www.oradba.ch\/wordpress\/category\/oracle-database\/10gr2\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/posts\/2397","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/comments?post=2397"}],"version-history":[{"count":3,"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/posts\/2397\/revisions"}],"predecessor-version":[{"id":2401,"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/posts\/2397\/revisions\/2401"}],"wp:attachment":[{"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/media?parent=2397"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/categories?post=2397"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/tags?post=2397"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}