Oracle January 2020 Critical Patch Update Multiple Vulnerabilities

Risk

High

Date Discovered

January 10, 2020

Description

Oracle has released advance notification regarding the January 2020 Critical Patch Update (CPU) to be released on January 14, 2020. The update addresses 333 vulnerabilities affecting the following software:

  • Oracle Database Server, versions 12.2.0.1, 18c, 19c
  • Oracle Communications Design Studio, versions 7.3.4.3.0, 7.3.5.5.0, 7.4.0.4.0, 7.4.1.1.0
  • Oracle Communications Diameter Signaling Router (DSR), versions 8.0, 8.1, 8.2, 8.3, 8.4
  • Oracle Communications Interactive Session Recorder, versions 6.0, 6.1, 6.2, 6.3
  • Oracle Communications IP Service Activator, versions 7.3.4, 7.4.0
  • Oracle Communications Session Border Controller, versions 7.4, 8.0, 8.1, 8.2, 8.3
  • Oracle Communications Session Router, versions 7.4, 8.0, 8.1, 8.2, 8.3
  • Oracle Communications Subscriber-Aware Load Balancer, versions 7.3, 8.1, 8.2, 8.3
  • Oracle Communications Unified Inventory Management, versions 7.3, 7.4
  • Oracle Enterprise Communications Broker, versions PCz3.0, PCz3.1, PCz3.2
  • Oracle Enterprise Session Border Controller, versions 7.5, 8.0, 8.1, 8.2, 8.3
  • Instantis EnterpriseTrack, versions 17.1, 17.2, 17.3
  • Primavera Gateway, versions 15.2.18, 16.2.11, 17.12.6, 18.8.8.1
  • Primavera P6 Enterprise Project Portfolio Management, versions 15.1.0.0-15.2.18.7, 16.1.0.0-16.2.19.0, 17.1.0.0-17.12.16.0, 18.1.0.0-18.8.16.0, 19.12.0, 19.12.0.0, 20.1.0
  • Primavera Unifier, versions 16.1, 16.2, 17.7-17.12, 18.8, 19.12
  • Oracle E-Business Suite, versions 12.1.1-12.1.3, 12.2.3-12.2.9
  • Enterprise Manager Base Platform, versions 12.1.0.5, 13.2.0.0, 13.3.0.0
  • Enterprise Manager for Fusion Middleware, versions 12.1.0.5, 13.2.0.0, 13.3.0.0
  • Enterprise Manager for Oracle Database, versions 12.1.0.5, 13.2.0.0, 13.3.0.0
  • Enterprise Manager Ops Center, versions 12.3.3, 12.4.0
  • Oracle Application Testing Suite, versions 13.2, 13.2.0.1, 13.3, 13.3.0.1
  • Oracle Banking Corporate Lending, versions 12.3.0-12.4.0, 14.0.0-14.3.0
  • Oracle Banking Payments, versions 14.1.0-14.3.0
  • Oracle Financial Services Analytical Applications Infrastructure, versions 7.3.3-7.3.5, 8.0.0-8.0.8
  • Oracle Financial Services Funds Transfer Pricing, versions 8.0.2-8.0.7
  • Oracle Financial Services Revenue Management and Billing, versions 2.7.0.0, 2.7.0.1, 2.8.0.0
  • Oracle FLEXCUBE Investor Servicing, versions 12.1.0-12.4.0, 14.0.0-14.1.0
  • Oracle FLEXCUBE Universal Banking, versions 12.0.1-12.4.0, 14.0.0-14.3.0
  • Oracle Hospitality Suites Management, versions 3.7, 3.8
  • Identity Manager, versions 11.1.2.3.0, 12.2.1.3.0
  • Oracle Big Data Discovery, version 1.6
  • Oracle Business Intelligence Enterprise Edition, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0
  • Oracle Coherence, versions 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0
  • Oracle Endeca Information Discovery Integrator, version 3.2.0
  • Oracle Endeca Information Discovery Studio, version 3.2.0
  • Oracle Enterprise Repository, version 12.1.3.0.0
  • Oracle HTTP Server, versions 11.1.1.9.0, 12.1.3.0.0, 12.2.1.3.0
  • Oracle Outside In Technology, version 8.5.4
  • Oracle Reports Developer, versions 12.2.1.3.0, 12.2.1.4.0
  • Oracle Security Service, versions 11.1.1.9.0, 12.1.3.0.0, 12.2.1.3.0
  • Oracle Tuxedo, versions 12.1.1.0.0, 12.1.3.0.0
  • Oracle WebCenter Sites, versions 12.2.1.3.0, 12.2.1.4.0
  • Oracle WebLogic Server, versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0
  • Oracle GraalVM Enterprise Edition, version 19.3.0.2
  • Oracle Clinical, version 5.2
  • Oracle Health Sciences Data Management Workbench, versions 2.4, 2.5
  • Oracle Healthcare Master Person Index, version 3.0
  • Oracle Hospitality Cruise Materials Management, version 7.30.567
  • Oracle Hospitality Guest Access, version 4.2
  • Oracle Hospitality OPERA 5, versions 5.5, 5.6
  • Hyperion Financial Close Management, version 11.1.2.4
  • Hyperion Planning, version 11.1.2.4
  • Oracle iLearning, version 6.1
  • Oracle Java SE, versions 7u241, 8u231, 8u241, 11.0.5, 13.0.1
  • Oracle Java SE Embedded, version 8u231
  • JD Edwards EnterpriseOne Orchestrator, version 9.2
  • JD Edwards EnterpriseOne Tools, version 9.2
  • MySQL Client, versions 5.6.46 and prior, 5.7.28 and prior, 8.0.18 and prior
  • MySQL Cluster, versions 7.3.27 and prior, 7.4.25 and prior, 7.5.15 and prior, 7.6.12 and prior
  • MySQL Connectors, versions 5.3.13 and prior, 8.0.18 and prior
  • MySQL Enterprise Backup, versions 3.12.4 and prior, 4.1.3 and prior
  • MySQL Server, versions 5.6.46 and prior, 5.7.28 and prior, 8.0.18 and prior
  • MySQL Workbench, versions 8.0.18 and prior
  • PeopleSoft Enterprise CC Common Application Objects, versions 9.1, 9.2
  • PeopleSoft Enterprise HCM Human Resources, version 9.2
  • PeopleSoft Enterprise PeopleTools, versions 8.56, 8.57, 8.58
  • PeopleSoft PeopleTools, versions 8.56, 8.57
  • Oracle Retail Assortment Planning, versions 14.1.3, 15.0.3, 16.0.3, 16.0.3.173
  • Oracle Retail Brand Compliance Management Cloud Service, version 18.1
  • Oracle Retail Clearance Optimization Engine, versions 13.4, 14.0, 14.0.3, 14.0.5
  • Oracle Retail Customer Management and Segmentation Foundation, versions 16.0, 17.0, 18.0
  • Oracle Retail Markdown Optimization, versions 13.4, 13.4.4
  • Oracle Retail Order Broker, versions 5.2, 15.0, 16.0, 18.0
  • Oracle Retail Predictive Application Server, versions 15.0.3, 16.0.3
  • Oracle Retail Sales Audit, version 12.0
  • Siebel Applications, versions 19.10 and prior
  • Ethernet Switch ES1-24, ES2-64, versions 1.3.1.24, 2.0.0.14
  • Oracle Solaris, versions 10, 11
  • Oracle VM Server for SPARC, version 3.6
  • Sun ZFS Storage Appliance Kit, version 8.8.6
  • Tape Library ACSLS, versions 8.5, 8.5.1
  • Oracle Agile Engineering Data Management, versions 6.2.0, 6.2.1
  • Oracle Agile PLM, versions 9.3.3, 9.3.4, 9.3.5, 9.3.6
  • Oracle Agile PLM Framework, version 9.3.3
  • Oracle Agile PLM MCAD Connector, versions 3.4, 3.5, 3.6
  • Oracle AutoVue 3D Professional Advanced, version 5.3
  • Oracle Demantra Demand Management, versions 12.2.4, 12.2.4.1, 12.2.5, 12.2.5.1
  • Oracle Real-Time Scheduler, versions 2.3.0.1-2.3.0.3
  • Oracle Utilities Framework, versions 4.2.0.2-4.2.0.3, 4.3.0.1-4.3.0.4
  • Oracle Utilities Mobile Workforce Management, versions 2.3.0.1-2.3.0.3
  • Oracle Utilities Work and Asset Management (v1), version 1.9.1.2
  • Oracle Secure Global Desktop, versions 5.4, 5.5
  • Oracle VM VirtualBox, versions prior to 5.2.36, prior to 6.0.16, prior to 6.1.2

Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system.

Technologies Affected

  • Oracle Agile Engineering Data Management 6.2.0
  • Oracle Agile Engineering Data Management 6.2.1
  • Oracle Agile PLM 9.3.3
  • Oracle Agile PLM 9.3.4
  • Oracle Agile PLM 9.3.5
  • Oracle Agile PLM 9.3.6
  • Oracle Agile PLM Framework 9.3.3
  • Oracle Agile PLM MCAD Connector 3.4
  • Oracle Agile PLM MCAD Connector 3.5
  • Oracle Agile PLM MCAD Connector 3.6
  • Oracle Application Testing Suite 13.2
  • Oracle Application Testing Suite 13.2.0.1
  • Oracle Application Testing Suite 13.3
  • Oracle Application Testing Suite 13.3.0.1
  • Oracle AutoVue 3D Professional Advanced 5.3
  • Oracle Banking Corporate Lending 12.3.0
  • Oracle Banking Corporate Lending 12.4.0
  • Oracle Banking Corporate Lending 14.0.0
  • Oracle Banking Corporate Lending 14.1.0
  • Oracle Banking Corporate Lending 14.3.0
  • Oracle Banking Payments 14.1.0
  • Oracle Banking Payments 14.3.0
  • Oracle Big Data Discovery 1.6.0
  • Oracle Business Intelligence Enterprise Edition 11.1.1.9.0
  • Oracle Business Intelligence Enterprise Edition 12.2.1.3.0
  • Oracle Business Intelligence Enterprise Edition 12.2.1.4.0
  • Oracle Coherence 12.1.3.0.0
  • Oracle Coherence 12.2.1.3.0
  • Oracle Coherence 12.2.1.4.0
  • Oracle Communications Design Studio 7.3.4.3.0
  • Oracle Communications Design Studio 7.3.5.5.0
  • Oracle Communications Design Studio 7.4.0.4.0
  • Oracle Communications Design Studio 7.4.1.1.0
  • Oracle Communications Diameter Signaling Router 8.0
  • Oracle Communications Diameter Signaling Router 8.1
  • Oracle Communications Diameter Signaling Router 8.2
  • Oracle Communications Diameter Signaling Router 8.3
  • Oracle Communications Diameter Signaling Router 8.4
  • Oracle Communications IP Service Activator 7.3.4
  • Oracle Communications IP Service Activator 7.4.0
  • Oracle Communications Interactive Session Recorder 6.0
  • Oracle Communications Interactive Session Recorder 6.1
  • Oracle Communications Interactive Session Recorder 6.2
  • Oracle Communications Interactive Session Recorder 6.3
  • Oracle Communications Session Border Controller 7.4.0
  • Oracle Communications Session Border Controller 8.0.0
  • Oracle Communications Session Border Controller 8.1.0
  • Oracle Communications Session Border Controller 8.2.0
  • Oracle Communications Session Border Controller 8.3.0
  • Oracle Communications Session Router 7.4
  • Oracle Communications Session Router 8.0
  • Oracle Communications Session Router 8.1
  • Oracle Communications Session Router 8.2
  • Oracle Communications Session Router 8.3
  • Oracle Communications Subscriber-Aware Load Balancer 7.3
  • Oracle Communications Subscriber-Aware Load Balancer 8.1
  • Oracle Communications Subscriber-Aware Load Balancer 8.2
  • Oracle Communications Subscriber-Aware Load Balancer 8.3
  • Oracle Communications Unified Inventory Management 7.3
  • Oracle Communications Unified Inventory Management 7.4.0
  • Oracle Database Server 12.2.0.1
  • Oracle Database Server 18c
  • Oracle Database Server 19c
  • Oracle Demantra Demand Management 12.2.4
  • Oracle Demantra Demand Management 12.2.4.1
  • Oracle Demantra Demand Management 12.2.5
  • Oracle Demantra Demand Management 12.2.5.1
  • Oracle E-Business Suite 12.1.1
  • Oracle E-Business Suite 12.1.2
  • Oracle E-Business Suite 12.1.3
  • Oracle E-Business Suite 12.2.3
  • Oracle E-Business Suite 12.2.4
  • Oracle E-Business Suite 12.2.5
  • Oracle E-Business Suite 12.2.6
  • Oracle E-Business Suite 12.2.7
  • Oracle E-Business Suite 12.2.8
  • Oracle E-Business Suite 12.2.9
  • Oracle Endeca Information Discovery Integrator 3.2.0
  • Oracle Endeca Information Discovery Studio 3.2
  • Oracle Enterprise Communications Broker PCz3.0
  • Oracle Enterprise Communications Broker PCz3.1
  • Oracle Enterprise Communications Broker PCz3.2
  • Oracle Enterprise Manager Base Platform 12.1.0.5
  • Oracle Enterprise Manager Base Platform 13.2.0.0
  • Oracle Enterprise Manager Base Platform 13.3
  • Oracle Enterprise Manager Ops Center 12.3.3
  • Oracle Enterprise Manager Ops Center 12.4.0
  • Oracle Enterprise Manager for Fusion Middleware 12.1.0.5
  • Oracle Enterprise Manager for Fusion Middleware 13.2
  • Oracle Enterprise Manager for Fusion Middleware 13.3
  • Oracle Enterprise Manager for Oracle Database 12.1.0.5
  • Oracle Enterprise Manager for Oracle Database 13.2.0.0
  • Oracle Enterprise Manager for Oracle Database 13.3.0.0
  • Oracle Enterprise Repository 12.1.3.0.0
  • Oracle Enterprise Session Border Controller 7.5.0
  • Oracle Enterprise Session Border Controller 8.0.0
  • Oracle Enterprise Session Border Controller 8.1.0
  • Oracle Enterprise Session Border Controller 8.2.0
  • Oracle Enterprise Session Border Controller 8.3.0
  • Oracle Ethernet Switch ES1-24 1.3.1.24
  • Oracle Ethernet Switch ES1-24 2.0.0.14
  • Oracle Ethernet Switch ES2-64 1.3.1.24
  • Oracle Ethernet Switch ES2-64 2.0.0.14
  • Oracle FLEXCUBE Investor Servicing 12.1.0
  • Oracle FLEXCUBE Investor Servicing 12.2.0
  • Oracle FLEXCUBE Investor Servicing 12.3.0
  • Oracle FLEXCUBE Investor Servicing 12.4.0
  • Oracle FLEXCUBE Investor Servicing 14.0.0
  • Oracle FLEXCUBE Investor Servicing 14.1.0
  • Oracle FLEXCUBE Universal Banking 12.1.0
  • Oracle FLEXCUBE Universal Banking 12.2.0
  • Oracle FLEXCUBE Universal Banking 12.3.0
  • Oracle FLEXCUBE Universal Banking 12.4.0
  • Oracle FLEXCUBE Universal Banking 14.0.0
  • Oracle FLEXCUBE Universal Banking 14.1.0
  • Oracle FLEXCUBE Universal Banking 14.2.0
  • Oracle FLEXCUBE Universal Banking 14.3.0
  • Oracle Financial Services Analytical Applications Infrastructure 7.3.3
  • Oracle Financial Services Analytical Applications Infrastructure 7.3.4
  • Oracle Financial Services Analytical Applications Infrastructure 7.3.5
  • Oracle Financial Services Analytical Applications Infrastructure 8.0.0
  • Oracle Financial Services Analytical Applications Infrastructure 8.0.1
  • Oracle Financial Services Analytical Applications Infrastructure 8.0.2
  • Oracle Financial Services Analytical Applications Infrastructure 8.0.3
  • Oracle Financial Services Analytical Applications Infrastructure 8.0.4
  • Oracle Financial Services Analytical Applications Infrastructure 8.0.5
  • Oracle Financial Services Analytical Applications Infrastructure 8.0.6
  • Oracle Financial Services Analytical Applications Infrastructure 8.0.7
  • Oracle Financial Services Analytical Applications Infrastructure 8.0.8
  • Oracle Financial Services Funds Transfer Pricing 8.0.2
  • Oracle Financial Services Funds Transfer Pricing 8.0.3
  • Oracle Financial Services Funds Transfer Pricing 8.0.4
  • Oracle Financial Services Funds Transfer Pricing 8.0.5
  • Oracle Financial Services Funds Transfer Pricing 8.0.6
  • Oracle Financial Services Funds Transfer Pricing 8.0.7
  • Oracle Financial Services Revenue Management and Billing 2.7.0.0
  • Oracle Financial Services Revenue Management and Billing 2.7.0.1
  • Oracle Financial Services Revenue Management and Billing 2.8.0.0
  • Oracle GraalVM Enterprise Edition 19.3.0.2
  • Oracle HTTP Server 11.1.1.9.0
  • Oracle HTTP Server 12.1.3.0.0
  • Oracle HTTP Server 12.2.1.3.0
  • Oracle Hospitality Cruise Materials Management 7.30.567
  • Oracle Hospitality Guest Access 4.2.0
  • Oracle Hospitality OPERA 5 5.5
  • Oracle Hospitality OPERA 5 5.6
  • Oracle Hospitality Suites Management 3.7
  • Oracle Hospitality Suites Management 3.8
  • Oracle Hyperion Financial Close Management 11.1.2.4
  • Oracle Hyperion Planning 11.1.2.4
  • Oracle Identity Manager 11.1.2.3.0
  • Oracle Identity Manager 12.2.1.3.0
  • Oracle Instantis EnterpriseTrack 17.1
  • Oracle Instantis EnterpriseTrack 17.2
  • Oracle Instantis EnterpriseTrack 17.3
  • Oracle JD Edwards EnterpriseOne Orchestrator 9.2
  • Oracle JD Edwards EnterpriseOne Tools 9.2
  • Oracle JDK(Linux Production Release) 1.7.0 Update 241
  • Oracle JDK(Linux Production Release) 1.8.0 Update 231
  • Oracle JDK(Linux Production Release) 1.8.0 Update 241
  • Oracle JDK(Linux Production Release) 11.0.5
  • Oracle JDK(Linux Production Release) 13.0.1
  • Oracle JDK(Solaris Production Release) 1.7.0 Update 241
  • Oracle JDK(Solaris Production Release) 1.8.0 Update 231
  • Oracle JDK(Solaris Production Release) 1.8.0 Update 241
  • Oracle JDK(Solaris Production Release) 11.0.5
  • Oracle JDK(Solaris Production Release) 13.0.1
  • Oracle JDK(Windows Production Release) 1.7.0 Update 241
  • Oracle JDK(Windows Production Release) 1.8.0 Update 231
  • Oracle JDK(Windows Production Release) 1.8.0 Update 241
  • Oracle JDK(Windows Production Release) 11.0.5
  • Oracle JDK(Windows Production Release) 13.0.1
  • Oracle JRE(Linux Production Release) 1.7.0 Update 241
  • Oracle JRE(Linux Production Release) 1.8.0 Update 231
  • Oracle JRE(Linux Production Release) 1.8.0 Update 241
  • Oracle JRE(Linux Production Release) 11.0.5
  • Oracle JRE(Linux Production Release) 13.0.1
  • Oracle JRE(Solaris Production Release) 1.7.0 Update 241
  • Oracle JRE(Solaris Production Release) 1.8.0 Update 231
  • Oracle JRE(Solaris Production Release) 1.8.0 Update 241
  • Oracle JRE(Solaris Production Release) 11.0.5
  • Oracle JRE(Solaris Production Release) 13.0.1
  • Oracle JRE(Windows Production Release) 1.7.0 Update 241
  • Oracle JRE(Windows Production Release) 1.8.0 Update 231
  • Oracle JRE(Windows Production Release) 1.8.0 Update 241
  • Oracle JRE(Windows Production Release) 11.0.5
  • Oracle JRE(Windows Production Release) 13.0.1
  • Oracle Java SE Embedded 8u231
  • Oracle MySQL Client 5.5.60
  • Oracle MySQL Client 5.6.40
  • Oracle MySQL Client 5.6.46
  • Oracle MySQL Client 5.7.22
  • Oracle MySQL Client 5.7.28
  • Oracle MySQL Client 8.0.11
  • Oracle MySQL Client 8.0.18
  • Oracle MySQL Cluster 7.2.19
  • Oracle MySQL Cluster 7.2.25
  • Oracle MySQL Cluster 7.2.26
  • Oracle MySQL Cluster 7.2.27
  • Oracle MySQL Cluster 7.3.14
  • Oracle MySQL Cluster 7.3.16
  • Oracle MySQL Cluster 7.3.27
  • Oracle MySQL Cluster 7.3.5
  • Oracle MySQL Cluster 7.3.8
  • Oracle MySQL Cluster 7.4.12
  • Oracle MySQL Cluster 7.4.14
  • Oracle MySQL Cluster 7.4.25
  • Oracle MySQL Cluster 7.4.5
  • Oracle MySQL Cluster 7.5.15
  • Oracle MySQL Cluster 7.5.5
  • Oracle MySQL Cluster 7.6.12
  • Oracle MySQL Connectors 2.1.5
  • Oracle MySQL Connectors 2.1.8
  • Oracle MySQL Connectors 5.1.30
  • Oracle MySQL Connectors 5.1.33
  • Oracle MySQL Connectors 5.1.34
  • Oracle MySQL Connectors 5.1.40
  • Oracle MySQL Connectors 5.1.41
  • Oracle MySQL Connectors 5.3.10
  • Oracle MySQL Connectors 5.3.12
  • Oracle MySQL Connectors 5.3.13
  • Oracle MySQL Connectors 5.3.7
  • Oracle MySQL Connectors 5.3.9
  • Oracle MySQL Connectors 6.1.10
  • Oracle MySQL Connectors 6.1.9
  • Oracle MySQL Connectors 6.10.4
  • Oracle MySQL Connectors 6.9.9
  • Oracle MySQL Connectors 8.0.11
  • Oracle MySQL Connectors 8.0.12
  • Oracle MySQL Connectors 8.0.13
  • Oracle MySQL Connectors 8.0.15
  • Oracle MySQL Connectors 8.0.17
  • Oracle MySQL Connectors 8.0.18
  • Oracle MySQL Enterprise Backup 3.10.0
  • Oracle MySQL Enterprise Backup 3.10.1
  • Oracle MySQL Enterprise Backup 3.12.2
  • Oracle MySQL Enterprise Backup 3.12.3
  • Oracle MySQL Enterprise Backup 3.12.4
  • Oracle MySQL Enterprise Backup 4.0.1
  • Oracle MySQL Enterprise Backup 4.0.3
  • Oracle MySQL Enterprise Backup 4.1.2
  • Oracle MySQL Enterprise Backup 4.1.3
  • Oracle MySQL Server 5.1
  • Oracle MySQL Server 5.5.35
  • Oracle MySQL Server 5.5.36
  • Oracle MySQL Server 5.5.40
  • Oracle MySQL Server 5.5.41
  • Oracle MySQL Server 5.5.42
  • Oracle MySQL Server 5.5.43
  • Oracle MySQL Server 5.5.44
  • Oracle MySQL Server 5.5.45
  • Oracle MySQL Server 5.5.46
  • Oracle MySQL Server 5.5.47
  • Oracle MySQL Server 5.5.48
  • Oracle MySQL Server 5.5.52
  • Oracle MySQL Server 5.5.53
  • Oracle MySQL Server 5.5.54
  • Oracle MySQL Server 5.5.55
  • Oracle MySQL Server 5.5.56
  • Oracle MySQL Server 5.5.57
  • Oracle MySQL Server 5.5.58
  • Oracle MySQL Server 5.5.59
  • Oracle MySQL Server 5.5.60
  • Oracle MySQL Server 5.5.61
  • Oracle MySQL Server 5.6
  • Oracle MySQL Server 5.6.15
  • Oracle MySQL Server 5.6.16
  • Oracle MySQL Server 5.6.20
  • Oracle MySQL Server 5.6.21
  • Oracle MySQL Server 5.6.22
  • Oracle MySQL Server 5.6.23
  • Oracle MySQL Server 5.6.24
  • Oracle MySQL Server 5.6.25
  • Oracle MySQL Server 5.6.26
  • Oracle MySQL Server 5.6.27
  • Oracle MySQL Server 5.6.28
  • Oracle MySQL Server 5.6.29
  • Oracle MySQL Server 5.6.30
  • Oracle MySQL Server 5.6.33
  • Oracle MySQL Server 5.6.34
  • Oracle MySQL Server 5.6.35
  • Oracle MySQL Server 5.6.36
  • Oracle MySQL Server 5.6.37
  • Oracle MySQL Server 5.6.38
  • Oracle MySQL Server 5.6.39
  • Oracle MySQL Server 5.6.40
  • Oracle MySQL Server 5.6.41
  • Oracle MySQL Server 5.6.42
  • Oracle MySQL Server 5.6.43
  • Oracle MySQL Server 5.6.44
  • Oracle MySQL Server 5.6.45
  • Oracle MySQL Server 5.6.46
  • Oracle MySQL Server 5.7.0
  • Oracle MySQL Server 5.7.12
  • Oracle MySQL Server 5.7.15
  • Oracle MySQL Server 5.7.16
  • Oracle MySQL Server 5.7.17
  • Oracle MySQL Server 5.7.18
  • Oracle MySQL Server 5.7.19
  • Oracle MySQL Server 5.7.20
  • Oracle MySQL Server 5.7.21
  • Oracle MySQL Server 5.7.22
  • Oracle MySQL Server 5.7.23
  • Oracle MySQL Server 5.7.24
  • Oracle MySQL Server 5.7.25
  • Oracle MySQL Server 5.7.26
  • Oracle MySQL Server 5.7.27
  • Oracle MySQL Server 5.7.28
  • Oracle MySQL Server 8.0.11
  • Oracle MySQL Server 8.0.12
  • Oracle MySQL Server 8.0.13
  • Oracle MySQL Server 8.0.14
  • Oracle MySQL Server 8.0.15
  • Oracle MySQL Server 8.0.16
  • Oracle MySQL Server 8.0.17
  • Oracle MySQL Server 8.0.18
  • Oracle MySQL Workbench 6.1.4
  • Oracle MySQL Workbench 6.1.5
  • Oracle MySQL Workbench 6.3.10
  • Oracle MySQL Workbench 6.3.8
  • Oracle MySQL Workbench 8.0.11
  • Oracle MySQL Workbench 8.0.13
  • Oracle MySQL Workbench 8.0.16
  • Oracle MySQL Workbench 8.0.17
  • Oracle MySQL Workbench 8.0.18
  • Oracle Outside In Technology 8.5.4
  • Oracle PeopleSoft Enterprise CC Common Application Objects 9.1
  • Oracle PeopleSoft Enterprise CC Common Application Objects 9.2
  • Oracle PeopleSoft Enterprise HCM Human Resources 9.2
  • Oracle PeopleSoft Enterprise PeopleTools 8.56
  • Oracle PeopleSoft Enterprise PeopleTools 8.57
  • Oracle PeopleSoft Enterprise PeopleTools 8.58
  • Oracle PeopleSoft PeopleTools 8.56
  • Oracle PeopleSoft PeopleTools 8.57
  • Oracle Primavera Gateway 15.2.18
  • Oracle Primavera Gateway 16.2.11
  • Oracle Primavera Gateway 17.12.6
  • Oracle Primavera Gateway 18.8.8.1
  • Oracle Primavera P6 Enterprise Project Portfolio Management 15.1
  • Oracle Primavera P6 Enterprise Project Portfolio Management 15.2
  • Oracle Primavera P6 Enterprise Project Portfolio Management 15.2.18
  • Oracle Primavera P6 Enterprise Project Portfolio Management 15.2.18.7
  • Oracle Primavera P6 Enterprise Project Portfolio Management 16.1
  • Oracle Primavera P6 Enterprise Project Portfolio Management 16.2
  • Oracle Primavera P6 Enterprise Project Portfolio Management 16.2.18
  • Oracle Primavera P6 Enterprise Project Portfolio Management 16.2.19.0
  • Oracle Primavera P6 Enterprise Project Portfolio Management 17.1
  • Oracle Primavera P6 Enterprise Project Portfolio Management 17.12
  • Oracle Primavera P6 Enterprise Project Portfolio Management 17.12.12
  • Oracle Primavera P6 Enterprise Project Portfolio Management 17.12.14
  • Oracle Primavera P6 Enterprise Project Portfolio Management 17.12.16.0
  • Oracle Primavera P6 Enterprise Project Portfolio Management 17.7
  • Oracle Primavera P6 Enterprise Project Portfolio Management 18.1.0
  • Oracle Primavera P6 Enterprise Project Portfolio Management 18.8
  • Oracle Primavera P6 Enterprise Project Portfolio Management 18.8.11
  • Oracle Primavera P6 Enterprise Project Portfolio Management 18.8.13
  • Oracle Primavera P6 Enterprise Project Portfolio Management 18.8.16.0
  • Oracle Primavera P6 Enterprise Project Portfolio Management 19.12.0
  • Oracle Primavera P6 Enterprise Project Portfolio Management 20.1.0
  • Oracle Primavera Unifier 16.1
  • Oracle Primavera Unifier 16.2
  • Oracle Primavera Unifier 17.12
  • Oracle Primavera Unifier 17.7
  • Oracle Primavera Unifier 18.8
  • Oracle Primavera Unifier 19.12
  • Oracle Real-Time Scheduler 2.3.0.1
  • Oracle Real-Time Scheduler 2.3.0.3
  • Oracle Reports Developer 12.2.1.3
  • Oracle Reports Developer 12.2.1.4
  • Oracle Retail Assortment Planning 14.1.3
  • Oracle Retail Assortment Planning 15.0.3
  • Oracle Retail Assortment Planning 16.0.3
  • Oracle Retail Assortment Planning 16.0.3.173
  • Oracle Retail Brand Compliance Management Cloud Service 18.1
  • Oracle Retail Clearance Optimization Engine 13.4
  • Oracle Retail Clearance Optimization Engine 14.0
  • Oracle Retail Clearance Optimization Engine 14.0.3
  • Oracle Retail Clearance Optimization Engine 14.0.5
  • Oracle Retail Customer Management and Segmentation Foundation 16.0
  • Oracle Retail Customer Management and Segmentation Foundation 17.0
  • Oracle Retail Customer Management and Segmentation Foundation 18.0
  • Oracle Retail Markdown Optimization 13.4
  • Oracle Retail Markdown Optimization 13.4.4
  • Oracle Retail Order Broker 15.0
  • Oracle Retail Order Broker 16.0
  • Oracle Retail Order Broker 18.0
  • Oracle Retail Order Broker 5.2
  • Oracle Retail Predictive Application Server 15.0.3
  • Oracle Retail Predictive Application Server 16.0.3
  • Oracle Retail Sales Audit 12.0
  • Oracle Secure Global Desktop 5.4
  • Oracle Secure Global Desktop 5.5
  • Oracle Security Service 11.1.1.9.0
  • Oracle Security Service 12.1.3.0.0
  • Oracle Security Service 12.2.1.3.0
  • Oracle Siebel Applications 16.1
  • Oracle Siebel Applications 17.0
  • Oracle Siebel Applications 18.0
  • Oracle Siebel Applications 18.10
  • Oracle Siebel Applications 18.11
  • Oracle Siebel Applications 18.12
  • Oracle Siebel Applications 18.7
  • Oracle Siebel Applications 18.8
  • Oracle Siebel Applications 18.9
  • Oracle Siebel Applications 19.0
  • Oracle Siebel Applications 19.10
  • Oracle Siebel Applications 19.3
  • Oracle Siebel Applications 19.7
  • Oracle Siebel Applications 19.8
  • Oracle Siebel Applications 6.1
  • Oracle Siebel Applications 6.2
  • Oracle Siebel Applications 7.0
  • Oracle Siebel Applications 7.1
  • Oracle Siebel Applications 8.1
  • Oracle Siebel Applications 8.1.1
  • Oracle Siebel Applications 8.2
  • Oracle Siebel Applications 8.2.2
  • Oracle Siebel Applications 8.5
  • Oracle Solaris 10
  • Oracle Solaris 11
  • Oracle Sun ZFS Storage Appliance Kit (AK) 8.8.6
  • Oracle Tape Library ACSLS 8.5
  • Oracle Tape Library ACSLS 8.5.1
  • Oracle Tuxedo 12.1.1.0.0
  • Oracle Tuxedo 12.1.3.0.0
  • Oracle Utilities Framework 4.2.0.2.0
  • Oracle Utilities Framework 4.2.0.3.0
  • Oracle Utilities Framework 4.3.0.1
  • Oracle Utilities Framework 4.3.0.2.0
  • Oracle Utilities Framework 4.3.0.3.0
  • Oracle Utilities Framework 4.3.0.4
  • Oracle Utilities Mobile Workforce Management 2.3.0.1
  • Oracle Utilities Mobile Workforce Management 2.3.0.3
  • Oracle Utilities Work and Asset Management 1.9.1.2
  • Oracle VM Server for SPARC 3.6
  • Oracle VM VirtualBox 1.6
  • Oracle VM VirtualBox 1.6.0
  • Oracle VM VirtualBox 1.6.2
  • Oracle VM VirtualBox 1.6.4
  • Oracle VM VirtualBox 1.6.6
  • Oracle VM VirtualBox 2.0.0
  • Oracle VM VirtualBox 2.0.10
  • Oracle VM VirtualBox 2.0.12
  • Oracle VM VirtualBox 2.0.2
  • Oracle VM VirtualBox 2.0.4
  • Oracle VM VirtualBox 2.0.6
  • Oracle VM VirtualBox 2.0.8
  • Oracle VM VirtualBox 2.1
  • Oracle VM VirtualBox 2.1.0
  • Oracle VM VirtualBox 2.1.2
  • Oracle VM VirtualBox 2.1.4
  • Oracle VM VirtualBox 2.2
  • Oracle VM VirtualBox 2.2.0
  • Oracle VM VirtualBox 2.2.2
  • Oracle VM VirtualBox 2.2.4
  • Oracle VM VirtualBox 3.0
  • Oracle VM VirtualBox 3.0.0
  • Oracle VM VirtualBox 3.0.10
  • Oracle VM VirtualBox 3.0.12
  • Oracle VM VirtualBox 3.0.14
  • Oracle VM VirtualBox 3.0.2
  • Oracle VM VirtualBox 3.0.4
  • Oracle VM VirtualBox 3.0.6
  • Oracle VM VirtualBox 3.0.8
  • Oracle VM VirtualBox 3.1
  • Oracle VM VirtualBox 3.1.0
  • Oracle VM VirtualBox 3.1.2
  • Oracle VM VirtualBox 3.1.4
  • Oracle VM VirtualBox 3.1.6
  • Oracle VM VirtualBox 3.1.8
  • Oracle VM VirtualBox 3.2
  • Oracle VM VirtualBox 3.2.0
  • Oracle VM VirtualBox 3.2.10
  • Oracle VM VirtualBox 3.2.12
  • Oracle VM VirtualBox 3.2.14
  • Oracle VM VirtualBox 3.2.16
  • Oracle VM VirtualBox 3.2.18
  • Oracle VM VirtualBox 3.2.19
  • Oracle VM VirtualBox 3.2.2
  • Oracle VM VirtualBox 3.2.20
  • Oracle VM VirtualBox 3.2.21
  • Oracle VM VirtualBox 3.2.22
  • Oracle VM VirtualBox 3.2.24
  • Oracle VM VirtualBox 3.2.25
  • Oracle VM VirtualBox 3.2.4
  • Oracle VM VirtualBox 3.2.6
  • Oracle VM VirtualBox 3.2.8
  • Oracle VM VirtualBox 3.3
  • Oracle VM VirtualBox 4.0
  • Oracle VM VirtualBox 4.0.0
  • Oracle VM VirtualBox 4.0.10
  • Oracle VM VirtualBox 4.0.12
  • Oracle VM VirtualBox 4.0.14
  • Oracle VM VirtualBox 4.0.16
  • Oracle VM VirtualBox 4.0.18
  • Oracle VM VirtualBox 4.0.2
  • Oracle VM VirtualBox 4.0.20
  • Oracle VM VirtualBox 4.0.21
  • Oracle VM VirtualBox 4.0.22
  • Oracle VM VirtualBox 4.0.23
  • Oracle VM VirtualBox 4.0.24
  • Oracle VM VirtualBox 4.0.26
  • Oracle VM VirtualBox 4.0.27
  • Oracle VM VirtualBox 4.0.30
  • Oracle VM VirtualBox 4.0.34
  • Oracle VM VirtualBox 4.0.35
  • Oracle VM VirtualBox 4.0.36
  • Oracle VM VirtualBox 4.0.4
  • Oracle VM VirtualBox 4.0.6
  • Oracle VM VirtualBox 4.0.8
  • Oracle VM VirtualBox 4.1
  • Oracle VM VirtualBox 4.1.0
  • Oracle VM VirtualBox 4.1.10
  • Oracle VM VirtualBox 4.1.12
  • Oracle VM VirtualBox 4.1.14
  • Oracle VM VirtualBox 4.1.16
  • Oracle VM VirtualBox 4.1.18
  • Oracle VM VirtualBox 4.1.2
  • Oracle VM VirtualBox 4.1.20
  • Oracle VM VirtualBox 4.1.22
  • Oracle VM VirtualBox 4.1.24
  • Oracle VM VirtualBox 4.1.26
  • Oracle VM VirtualBox 4.1.28
  • Oracle VM VirtualBox 4.1.29
  • Oracle VM VirtualBox 4.1.30
  • Oracle VM VirtualBox 4.1.31
  • Oracle VM VirtualBox 4.1.32
  • Oracle VM VirtualBox 4.1.34
  • Oracle VM VirtualBox 4.1.35
  • Oracle VM VirtualBox 4.1.38
  • Oracle VM VirtualBox 4.1.4
  • Oracle VM VirtualBox 4.1.42
  • Oracle VM VirtualBox 4.1.43
  • Oracle VM VirtualBox 4.1.44
  • Oracle VM VirtualBox 4.1.6
  • Oracle VM VirtualBox 4.1.8
  • Oracle VM VirtualBox 4.2
  • Oracle VM VirtualBox 4.2.0
  • Oracle VM VirtualBox 4.2.0-RC3
  • Oracle VM VirtualBox 4.2.10
  • Oracle VM VirtualBox 4.2.12
  • Oracle VM VirtualBox 4.2.14
  • Oracle VM VirtualBox 4.2.16
  • Oracle VM VirtualBox 4.2.18
  • Oracle VM VirtualBox 4.2.19
  • Oracle VM VirtualBox 4.2.2
  • Oracle VM VirtualBox 4.2.20
  • Oracle VM VirtualBox 4.2.22
  • Oracle VM VirtualBox 4.2.23
  • Oracle VM VirtualBox 4.2.24
  • Oracle VM VirtualBox 4.2.26
  • Oracle VM VirtualBox 4.2.27
  • Oracle VM VirtualBox 4.2.30
  • Oracle VM VirtualBox 4.2.34
  • Oracle VM VirtualBox 4.2.35
  • Oracle VM VirtualBox 4.2.36
  • Oracle VM VirtualBox 4.2.4
  • Oracle VM VirtualBox 4.2.6
  • Oracle VM VirtualBox 4.2.8
  • Oracle VM VirtualBox 4.3
  • Oracle VM VirtualBox 4.3.0
  • Oracle VM VirtualBox 4.3.10
  • Oracle VM VirtualBox 4.3.12
  • Oracle VM VirtualBox 4.3.14
  • Oracle VM VirtualBox 4.3.15
  • Oracle VM VirtualBox 4.3.16
  • Oracle VM VirtualBox 4.3.17
  • Oracle VM VirtualBox 4.3.18
  • Oracle VM VirtualBox 4.3.19
  • Oracle VM VirtualBox 4.3.2
  • Oracle VM VirtualBox 4.3.20
  • Oracle VM VirtualBox 4.3.26
  • Oracle VM VirtualBox 4.3.32
  • Oracle VM VirtualBox 4.3.33
  • Oracle VM VirtualBox 4.3.34
  • Oracle VM VirtualBox 4.3.35
  • Oracle VM VirtualBox 4.3.36
  • Oracle VM VirtualBox 4.3.4
  • Oracle VM VirtualBox 4.3.5
  • Oracle VM VirtualBox 4.3.6
  • Oracle VM VirtualBox 4.3.7
  • Oracle VM VirtualBox 4.3.8
  • Oracle VM VirtualBox 4.3.9
  • Oracle VM VirtualBox 5.0
  • Oracle VM VirtualBox 5.0.10
  • Oracle VM VirtualBox 5.0.11
  • Oracle VM VirtualBox 5.0.12
  • Oracle VM VirtualBox 5.0.13
  • Oracle VM VirtualBox 5.0.14
  • Oracle VM VirtualBox 5.0.16
  • Oracle VM VirtualBox 5.0.18
  • Oracle VM VirtualBox 5.0.22
  • Oracle VM VirtualBox 5.0.26
  • Oracle VM VirtualBox 5.0.28
  • Oracle VM VirtualBox 5.0.32
  • Oracle VM VirtualBox 5.0.34
  • Oracle VM VirtualBox 5.0.38
  • Oracle VM VirtualBox 5.0.8
  • Oracle VM VirtualBox 5.0.9
  • Oracle VM VirtualBox 5.1.10
  • Oracle VM VirtualBox 5.1.14
  • Oracle VM VirtualBox 5.1.16
  • Oracle VM VirtualBox 5.1.20
  • Oracle VM VirtualBox 5.1.24
  • Oracle VM VirtualBox 5.1.30
  • Oracle VM VirtualBox 5.1.32
  • Oracle VM VirtualBox 5.1.36
  • Oracle VM VirtualBox 5.1.8
  • Oracle VM VirtualBox 5.2.0
  • Oracle VM VirtualBox 5.2.10
  • Oracle VM VirtualBox 5.2.16
  • Oracle VM VirtualBox 5.2.18
  • Oracle VM VirtualBox 5.2.2
  • Oracle VM VirtualBox 5.2.20
  • Oracle VM VirtualBox 5.2.22
  • Oracle VM VirtualBox 5.2.24
  • Oracle VM VirtualBox 5.2.25
  • Oracle VM VirtualBox 5.2.26
  • Oracle VM VirtualBox 5.2.28
  • Oracle VM VirtualBox 5.2.32
  • Oracle VM VirtualBox 5.2.34
  • Oracle VM VirtualBox 5.2.4
  • Oracle VM VirtualBox 5.2.6
  • Oracle VM VirtualBox 6.0.0
  • Oracle VM VirtualBox 6.0.10
  • Oracle VM VirtualBox 6.0.14
  • Oracle VM VirtualBox 6.0.2
  • Oracle VM VirtualBox 6.0.4
  • Oracle VM VirtualBox 6.0.6
  • Oracle VM VirtualBox 6.1
  • Oracle WebCenter Sites 12.2.1.3.0
  • Oracle WebCenter Sites 12.2.1.4.0
  • Oracle Weblogic Server 10.3.6.0.0
  • Oracle Weblogic Server 12.1.3.0.0
  • Oracle Weblogic Server 12.2.1.3.0
  • Oracle Weblogic Server 12.2.1.4.0
  • Oracle iLearning 6.1

Recommendations

Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.
Only allow trusted users to have local interactive access to the affected computer.

Block external access at the network boundary, unless external parties require service.
If global access isn't needed, filter access to the affected computer at the network boundary. Restricting access to only trusted computers and networks might greatly reduce the likelihood of a successful exploit.

Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from a successful exploit.

Implement multiple redundant layers of security.
As an added precaution, deploy memory-protection schemes (such as nonexecutable stack/heap configuration and randomly mapped memory segments). This may complicate exploits of memory-corruption vulnerabilities.

Run all software as a nonprivileged user with minimal access rights.
To reduce the impact of latent vulnerabilities, run applications with the minimal amount of privileges required for functionality.

The vendor planned to release updates to address these issues on January 14, 2020. Please see the references for more information.

References

Credits

Oracle


© 1995- Symantec Corporation
