-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Reference: CERT-EU Security Advisory 2013-0076

Title: Oracle Critical Patch Update Advisory 

Version history:
16.10.2013 Initial publication

Summary
=======
The Oracle Critical Patch Update for October 2013 [1] were released. Oracle strongly recommends applying the patches as soon as possible.


Vulnerable systems
==================
Oracle Database 11g Release 1, version 11.1.0.7
Oracle Database 11g Release 2, versions 11.2.0.2, 11.2.0.3
Oracle Database 12c Release 1, version 12.1.0.1
Oracle Fusion Middleware 11g Release 1, versions 11.1.1.6, 11.1.1.7
Oracle Access Manager, versions 11.1.1.5.0, 11.1.2.0.0
Oracle Forms and Reports 11g, Release 2, version 11.1.2.1
Oracle GlassFish Server, versions 2.1.1, 3.0.1, 3.1.2
Oracle HTTP Server 12c, version 12.1.2
Oracle Identity Analytics, version 11.1.1.5; Sun Role Manager, versions 4.1, 5.0
Oracle Identity Manager, versions 11.1.2.0.0, 11.1.2.1.0
Oracle JDeveloper, versions 11.1.2.3.0, 11.1.2.4.0, 12.1.2.0.0
Oracle Outside In Technology, versions 8.4.0, 8.4.1
Oracle Portal, version 11.1.1.6.0
Oracle Web Cache, versions 11.1.1.6, 11.1.1.7
Oracle WebCenter Content, versions 10.1.3.5.1, 11.1.1.6.0, 11.1.1.7.0, 11.1.1.8.0
Oracle WebLogic Server, versions 10.3.6.0, 12.1.1.0
Oracle Web Services, versions 10.1.3.5, 11.1.1.6.0
Oracle Enterprise Manager Grid Control 10g Release 1, version 10.2.0.5
Oracle Enterprise Manager Grid Control 11g Release 1, version 11.1.0.1
Oracle Enterprise Manager Plugin for Database 12c Release 1, versions 12.1.0.2, 12.1.0.3, 12.1.0.4
Oracle E-Business Suite Release 12i, version 12.1
Oracle Agile PLM Framework, version 9.3.2
Oracle Transportation Management, versions 6.2, 6.3, 6.3.1, 6.3.2
Oracle PeopleSoft HRMS, version 9.1
Oracle PeopleSoft HRMS eCompensation, versions 9.1, 9.2
Oracle PeopleSoft PeopleTools, versions 8.51, 8.52, 8.53
Oracle Siebel Core, versions 8.1.1, 8.2.2
Oracle Siebel Server Remote, versions 8.1.1, 8.2.2
Oracle Siebel UI Framework, versions 8.1.1, 8.2.2
Oracle iLearning, versions 5.2.1, 6.0
Oracle Health Sciences InForm, versions 4.5.x, 4.6.x, 5.0.x, 5.5.x and 6.0.0
Oracle Siebel CTMS, version 8.1.1.x
Oracle Retail Invoice Matching, versions 10.2, 11.0, 12.0, 12.0IN, 12.1, 13.0, 13.1, 13.2
Oracle FLEXCUBE Private Banking, versions 1.7, 2.0, 2.0.1, 2.2.0.1, 3.0, 12.0.1
Oracle Instantis EnterpriseTrack, versions 8.0.6, 8.5
Oracle Primavera P6 Enterprise Project Portfolio Management, versions 8.1, 8.2, 8.3
Oracle JavaFX, versions 2.2.40 and earlier
Oracle Java JDK and JRE, versions 5.0u51 and earlier, 6u60 and earlier, 7u40 and earlier
Oracle Java SE Embedded, versions 7u40 and earlier
Oracle JRockit, versions R27.7.6 and earlier, R28.2.8 and earlier
Oracle Solaris versions 10, 11.1
Oracle SPARC Enterprise T series and M Series Servers Firmware versions prior to 6.7.13, 7.4.6.c, 8.3.0.b, 9.0.0.d, 9.0.1.e
Oracle Sun Blade 6000 10GBE switched NEM 1.2, Sun Network 10GBE Switch 72P 1.2, Oracle Switch ES1-24 1.3
Oracle Secure Global Desktop, version 5
Oracle VM VirtualBox, versions prior to 3.2.18, 4.0.20, 4.1.28, 4.2.18
Oracle MySQL Server, versions 5.1, 5.5, 5.6
Oracle MySQL Enterprise Monitor, version 2.3




What can you do?
================
Patches are available in [1].


What to tell your users?
========================
N/A

More information
================
[1] http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html


Best regards,

CERT-EU Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
Privacy Statement:
http://cert.europa.eu/cert/plainedition/en/cert_privacy.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBAgAGBQJSXoZvAAoJEPpzpNLI8SVoYMgP/2dwwpqx/I3w7JiSJJ1SovKD
X5I/KNARbTcfU7EuiwCrrLt17Ils6K5JvSVLDGpHnsaIsw+z0vXm1XYiMo3/D0oM
qGNRALg6M9/sMvnEWc0art4QrCzYfBbqWudmv/3eIDzMPvKdsCr/hw13PerA036V
wkeYKkdJUrQSCPBNsHlQn0GLIsuZDM+5hEk/69BmlFBJF4EgdC8RvvlqUTzUwol2
r0f8Xh/dUg8fOF0mstGjqhDI1lreFFC/e1xOo1F9vbU8KeWs19t+jKdIvV8Y8ajj
2jN1HJX2Em5aRsRrdTBhUcGIr4+a6cjda5Qm0C4dIRUOvwvUVglF0KQmMeg9t/KY
wgQV7gZ4nPJUeCJxgcTVJXKTXoLf0VG+xtEvmPJE3Rkn4Nhf3k0McTI8rZlv1gf6
I/K0kejwZCCu2GW/GQb9TPxUQ/Q6hkD1MI+ix/1Ay5lr4alDSU6q3OQ4OslDrHa/
7iLVLyrEGfjeIgjiH3Q/MQPK0vdrqeT14puQGVunXhyi4wD/r2sWMuLGP4/TfNeL
ZlrPIncE/lqWbOxlTk/ncQp2C/FM6FGNo8n5JRJSufTudIKi3aZlMjvnagSobPxT
e91Ykya85lvNCRBvnwyloO/Hwf0JXaU5oXDrlWsDE4p9ZW50Qwe4LuHPsuQqA8UU
f7Y9sJd27+FiciOhQqVT
=P4AX
-----END PGP SIGNATURE-----