You are here

U-150: Oracle Critical Patch Update Advisory - April 2012

April 18, 2012 - 8:43am

Addthis

PROBLEM:

Cumulative security patches for Oracle products has been released for April 17, 2012

PLATFORM:

The Oracle Database, Oracle Fusion Middleware
Oracle Enterprise Manager Grid Control, Oracle E-Business Suite Applications
JD Edwards EnterpriseOne, JD Edwards OneWorld Tools
PeopleSoft Enterprise Portal Applications, PeopleSoft Enterprise PeopleTools
Siebel Enterprise, Industry Applications
FLEXCUBE, Primavera and Oracle VM

ABSTRACT:

Critical Patch Updates are the primary means of releasing security fixes for Oracle products to customers with valid support contracts. They are released on the Tuesday closest to the 17th day of January, April, July and October.

Reference LINKS:

Vendor Advisory

IMPACT ASSESSMENT:

High

Discussion:

Security vulnerabilities are scored using CVSS version 2.0 (see Oracle CVSS Scoring for an explanation of how Oracle applies CVSS 2.0). Oracle conducts an analysis of each security vulnerability addressed by a Critical Patch Update (CPU). Oracle does not disclose information about the security analysis, but the resulting Risk Matrix and associated documentation provide information about the type of vulnerability, the conditions required to exploit it, and the potential impact of a successful exploit. Oracle provides this information, in part, so that customers may conduct their own risk analysis based on the particulars of their product usage. As a matter of policy, Oracle does not disclose detailed information about an exploit condition or results that can be used to conduct a successful exploit. Oracle will not provide additional information about the specifics of vulnerabilities beyond what is provided in the CPU or Security Alert notification, the Patch Availability Matrix, the readme files, and FAQs. Oracle does not provide advance notification on CPUs or Security Alerts to individual customers. Finally, Oracle does not distribute exploit code or proof of concept code for product vulnerabilities

Solution:

Updates and security patches are available from Oracle.com

Addthis