You are here

U-215: Oracle Critical Patch Update Advisory - July 2012

July 18, 2012 - 7:00am

Addthis

PROBLEM:

Cumulative security patches for Oracle Critical Patch Update Advisory - July 2012

PLATFORM:

Oracle Database, Oracle Fusion Middleware, Oracle Secure Backup, Oracle Application Server, Oracle Identity Management 10g, Hyperion BI, Oracle JRockit versions, Oracle Outside In Technology, Fusion Middleware, Enterprise Manager, Oracle E-Business Suite Applications, Oracle Transportation Management, Supply Chain, Oracle AutoVue, Oracle PeopleSoft Enterprise, Oracle Siebel CRM, Oracle Clinical Remote Data Capture Option, Oracle Sun Product Suite, Oracle MySQL Server

ABSTRACT:

Critical Patch Updates are the primary means of releasing security fixes for Oracle products to customers with valid support contracts. They are released on the Tuesday closest to the 17th day of January, April, July and October.

reference LINKS:

Vendor Advisory - July 2012

IMPACT ASSESSMENT:

High

Discussion:

Security vulnerabilities are scored using CVSS version 2.0 (see Oracle CVSS Scoring for an explanation of how Oracle applies CVSS 2.0). Oracle conducts an analysis of each security vulnerability addressed by a Critical Patch Update (CPU). Oracle does not disclose information about the security analysis, but the resulting Risk Matrix and associated documentation provide information about the type of vulnerability, the conditions required to exploit it, and the potential impact of a successful exploit. Oracle provides this information, in part, so that customers may conduct their own risk analysis based on the particulars of their product usage. As a matter of policy, Oracle does not disclose detailed information about an exploit condition or results that can be used to conduct a successful exploit. Oracle will not provide additional information about the specifics of vulnerabilities beyond what is provided in the CPU or Security Alert notification, the Patch Availability Matrix, the readme files, and FAQs. Oracle does not provide advance notification on CPUs or Security Alerts to individual customers. Finally, Oracle does not distribute exploit code or proof of concept code for product vulnerabilities

Impact:

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible. This Critical Patch Update contains 87 new security fixes.

Solution:

Updates and security patches are available from Oracle.com

Addthis