{"id":2815,"date":"2018-10-22T10:06:36","date_gmt":"2018-10-22T08:06:36","guid":{"rendered":"https:\/\/www.oradba.ch\/?p=2815"},"modified":"2018-10-22T10:06:36","modified_gmt":"2018-10-22T08:06:36","slug":"oracle-cpu-psu-advisory-october-2018","status":"publish","type":"post","link":"https:\/\/www.oradba.ch\/wordpress\/2018\/10\/oracle-cpu-psu-advisory-october-2018\/","title":{"rendered":"Oracle CPU \/ PSU Advisory October 2018"},"content":{"rendered":"<p>Oracle has recently published the Critical Patch Update Advisory for October 2018. It&#8217;s once more quite a heavy update, with no fewer than 301 security vulnerability fixes across the Oracle products. The Oracle database is relatively prominently represented with 3 security vulnerabilities and a maximum CVSS rating of 9.8. The vulnerability with this high CVSS rating, CVE-2018-3259, is related to OJVM and affects all Oracle releases on various platforms. In addition, two of the vulnerabilities are remotely exploitable without authentication. None of the security bug fixes apply to client-only installations, so you only have to patch your database servers.<\/p>\n<p>Oracle Unified Directory itself is not mentioned in the <a href=\"https:\/\/www.oracle.com\/technetwork\/security-advisory\/cpuoct2018-4428296.html\" target=\"_blank\" rel=\"noopener\">Oracle Critical Patch Update Advisory<\/a>. But the MOS note <a href=\"https:\/\/support.oracle.com\/epmos\/faces\/DocumentDisplay?id=2385785.1\" target=\"_blank\" rel=\"noopener\">2385785.1<\/a> <em>Information And Bug Listing of Oracle Unified Directory Bundle Patches: 12.2.1.3.x (12cR2PS3) Version<\/em> does provide information on the latest bundle patch for OUD. Besides this patch, there are updates for Oracle WebLogic and Oracle Java as well (see links below).<\/p>\n<p>The highest CVSS Base Score of vulnerabilities affecting Oracle Database Server is 9.8. 
The following components are affected:<\/p>\n<ul>\n<li>Oracle Text<\/li>\n<li>Java VM<\/li>\n<li>Rapid Home Provisioning<\/li>\n<\/ul>\n<p>Oracle Java VM is not installed by default. It is therefore recommended that you check your database environment to see if it is necessary to apply this critical patch update.<\/p>\n<p>For Oracle Fusion Middleware the situation looks somewhat different. The Critical Patch Update includes no fewer than 56 fixes for vulnerabilities. Several of the vulnerabilities may be remotely exploitable without authentication and are rated with the highest CVSS rating of 9.8.<\/p>\n<p>A few links related to this Critical Patch Update:<\/p>\n<ul>\n<li><a href=\"http:\/\/www.oracle.com\/technetwork\/topics\/security\/alerts-086861.html\">Critical Patch Updates and Security Alerts<\/a><\/li>\n<li><a href=\"https:\/\/www.oracle.com\/technetwork\/security-advisory\/cpuoct2018-4428296.html\" target=\"_blank\" rel=\"noopener\">Oracle Critical Patch Update Advisory &#8211; October 2018<\/a><\/li>\n<li>Critical Patch Update (CPU) Program October 2018 Patch Availability Document (PAD) <em>[<a href=\"https:\/\/support.oracle.com\/epmos\/faces\/DocumentDisplay?id=2433477.1\">2433477.1<\/a>]<\/em><\/li>\n<li>Information And Bug Listing of Oracle Unified Directory Bundle Patches: 12.2.1.3.x (12cR2PS3) Version <em>[<a href=\"https:\/\/support.oracle.com\/epmos\/faces\/DocumentDisplay?id=2385785.1\">2385785.1<\/a>]<\/em><\/li>\n<li>Information And Bug Listing of Oracle Unified Directory Bundle Patches: 11.1.2.3.x (11gR2PS3) Version <em>[<a href=\"https:\/\/support.oracle.com\/epmos\/faces\/DocumentDisplay?id=2067482.1\">2067482.1<\/a>]<\/em><\/li>\n<li>Patch Set Update (PSU) Release Listing for Oracle WebLogic Server (WLS) <em>[<a href=\"https:\/\/support.oracle.com\/epmos\/faces\/DocumentDisplay?id=1470197.1\">1470197.1<\/a>]<\/em><\/li>\n<li>All Java SE Downloads on MOS <em>[<a 
href=\"https:\/\/support.oracle.com\/epmos\/faces\/DocumentDisplay?id=1439822.1\">1439822.1<\/a>]<\/em><\/li>\n<li><a href=\"https:\/\/www.trivadis.com\/en\/tvd-criticalpatchreporttm\">TVD-Critical Patch Report<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Oracle has recently published the Critical Patch Update Advisory for October 2018. It&#8217;s once more quite a heavy update, with no fewer than 301 security vulnerability fixes across the Oracle products. The Oracle database is relatively prominently represented with 3 security vulnerabilities and a maximum CVSS rating of 9.8. The problem CVE-2018-3259 with such [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"@Oracle CPU \/ PSU Advisory October 2018 
#dbsec","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[179,180,46,114,11,116],"tags":[111],"class_list":["post-2815","post","type-post","status-publish","format-standard","hentry","category-12r2","category-18c","category-cpu","category-psu-2","category-security","category-spu","tag-tvdsecexpert"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p1aErb-Jp","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/posts\/2815","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/comments?post=2815"}],"version-history":[{"count":1,"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/posts\/2815\/revisions"}],"predecessor-version":[{"id":2816,"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/posts\/2815\/revisions\/2816"}],"wp:attachment":[{"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/media?parent=2815"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/categories?post=2815"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/tags?post=2815"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}