Oracle Critical Patch Update for January 2016


Blog | Jan 22, 2016


Are you ready for another batch of Oracle CPU?

A CPU (Critical Patch Update) is a collection of patches for multiple security vulnerabilities and is usually cumulative. It is still advisable to review prior CPU advisories for earlier published security fixes.

Oracle has just released the CPU for January 2016, which has 248 new security fixes across Oracle products. This is a record-breaking number so far.


Previous CPU Advisories:

[Image: Oracle CPU History]

Here is the breakdown of Oracle Products affected:

[Charts: Oracle CPU Chart 1, Oracle CPU Chart 2, Oracle CPU Chart 3, Oracle CPU Total]

As seen in the chart above, Oracle E-Business Suite is by far the front runner with 78 Security Fixes.

The majority of the Oracle E-Business Suite fixes are for vulnerabilities that are remotely exploitable without authentication. Around 21 fixes affect the newer Oracle E-Business Suite R12.2 versions (much discussed for their Online Patching capability).

Oracle GoldenGate has 2 fixes with a 10.0 Base Score, but only on Windows for Database versions prior to 12c, and Oracle Java has 3 with a 10.0 Base Score.

Next in line is Oracle Database Server, with a 9.0 Base Score. The affected component is the JVM, with the “create session” privilege on the Windows platform. I have seen it used loosely within organizations; providentially, it’s not remotely exploitable without authentication.

To take advantage of Critical Patch Updates, keep Oracle product versions upgraded and up to date with the latest releases, and apply Critical Patch Updates as soon as possible.


Critical Patch Update Schedule:

Critical Patch Updates are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:

19 April 2016

19 July 2016

18 October 2016

17 January 2017