-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Reference: CERT-EU Security Advisory 2013-0039 Title: Oracle Critical Patch Update - April 2013 Version history: 19.04.2013 Initial publication Summary ======= The Critical Patch Update for April 2013 [2] and The Oracle Java SE Critical Patch Update [3] for April 2013 were released on. Oracle strongly recommends applying the patches as soon as possible. Please note that Sun products are included in this Critical Patch Update. The Critical Patch Update Advisory [1] is the starting point for relevant information. It includes a list of products affected, pointers to obtain the patches, a summary of the security vulnerabilities, and links to other important documents. Also, it is essential to review the Critical Patch Update supporting documentation referenced in the Advisory before applying patches, as this is where you can find important pertinent information. And the information concerning the fixed vulnerabilities [3]. Affected Products and Versions: ============================== Oracle Critical Patch Update Advisory - April 2013: ==================================================== Oracle Database 11g Release 2, versions 11.2.0.2, 11.2.0.3 Oracle Database 11g Release 1, version 11.1.0.7 Oracle Database 10g Release 2, versions 10.2.0.4, 10.2.0.5 Oracle Application Express, versions prior to 4.2.1 Oracle Containers for J2EE, version 10.1.3.5 Oracle COREid Access, version 10.1.4.3 Oracle GoldenGate Veridata, version 3.0.0.11 Oracle HTTP Server, versions 10.1.3.5.0, 11.1.1.5.0, 11.1.1.6.0 Oracle JRockit, versions R27.7.4 and earlier, R28.2.6 and earlier Oracle Outside In Technology, versions 8.3.7, 8.4.0 Oracle WebCenter Capture, version 10.1.3.5.1 Oracle WebCenter Content, versions 10.1.3.5.1, 11.1.1.6.0 Oracle WebCenter Interaction, versions 6.5.1, 10.3.3.0 Oracle WebCenter Sites, versions 7.6.2, 11.1.1.6.0, 11.1.1.6.1 Oracle WebLogic Server, versions 10.0.2, 10.3.5, 10.3.6, 12.1.1 Oracle Web Services Manager, version 11.1.1.6 Oracle E-Business Suite Release 12i, versions 12.0.6, 12.1.1, 12.1.2, 12.1.3 Oracle E-Business Suite Release 11i, version 11.5.10.2 Oracle Agile EDM, versions 6.1.1.0, 6.1.2.0, 6.1.2.2 Oracle Transportation Management, versions 5.5.05, 6.2 Oracle PeopleSoft HRMS, version 9.1 Oracle PeopleSoft PeopleTools, versions 8.51, 8.52, 8.53 Oracle Siebel CRM, versions 8.1.1, 8.2.2 Oracle Clinical Remote Data Capture Option, versions 4.6.0, 4.6.6 Oracle Retail Central Office, versions 13.1, 13.2, 13.3, 13.4 Oracle Retail Integration Bus, versions 13.0, 13.1, 13.2 Oracle FLEXCUBE Direct Banking, versions 2.8.0 - 12.0.1 Primavera P6 Enterprise Project Portfolio Management, versions 7.0, 8.1, 8.2 Oracle and Sun Systems Product Suite Oracle Sun Middleware Products Oracle MySQL Server, versions 5.1, 5.5, 5.6 Oracle Automatic Service Request, versions prior to 4.3.2 Oracle Java SE Critical Patch Update Advisory - April 2013: =========================================================== JDK and JRE 7 Update 17 and earlier JDK and JRE 6 Update 43 and earlier JDK and JRE 5.0 Update 41 and earlier JavaFX 2.2.7 and earlier What can you do? ================ Deploy the updated versions of the software [1][2]. What to tell your users? ======================== N/A More information ================ [1] http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html [2] http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html [3] http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.ht ml [4] http://www.oracle.com/technetwork/topics/security/alerts-086861.html [5] Information about CVSS: http://www.first.org/cvss/cvss-guide.html Best regards, CERT-EU (http://cert.europa.eu) Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383 -----BEGIN PGP SIGNATURE----- Version: Encryption Desktop 10.3.0 (Build 8741) Charset: utf-8 wsFVAwUBUXeJtfpzpNLI8SVoAQg56g//VtJM+5C30aIBxJe0i+8OSHpfDGOqaq2i WAjNe158KhrB5GxoLp2mbRjDVTZLk1jGl0FWJjr1jQWIWs3fYh4XigDZzVFUfb14 5uLdnOJtzWzUglO/Jt54+nJVXtklg7VexSRk7v1gdhK+YVm+flU3VJbKlBYk00HR Q9v10rVNltaDRQRBhySIP4dLa9QGWe9YAQkpiYXP6/TF+I4UpASsjxPyr7Kd/SGd Fe7eOJh/PPSxs4iwmoxkBTBQRMLdlZhrvcLkGegIWhpYnjc45RlfsAIXHdIP1jmi F+ZHVGeUZxMKQIf26vefEQMJFNY0c4V3WOZEs/Kjpp2DOgGWIdnMzDKKzqaHeZtq j779SmhBOScQxtpGvaBFjAr8Qz5H17FWb9Iwn0t/3NRkO6wTXpnd1tdClspDbxci NoT6WysaMxoCkZzhS4s1iWAdd6I22nu5keg68m/NFjXw+YqcKKyq/HQXTEopN/Kn OSeY9RmwvXdAlo8VGANdCw2chlgAxt0zhOHh5zDKly286Bfui/WNVfy49AbFASHG qShIhXi3jCqsglA4lpMnvPkmAKVpivISzuUnzFzZxWHLjVpXPUBENKwiAwXZZiGn pi91QHJy3ya1SuOEtVos7AcL9fw2jmEBArUWFDIm5JFb4gADDzmVYqEpXIkf6vHO 4KgAiAq7E+k= =CovY -----END PGP SIGNATURE-----