Security Vulnerability Patch

Critical Patch Updates, Security Alerts and Bulletins This page lists announcements of security fixes made in Critical Patch Update Advisories, Security Alerts and Bulletins, and it is updated when new Critical Patch Update Advisories, Security Alerts and Bulletins are released. Of Critical Patch Update Advisories and Security Alerts. This page contains the following sections:. Critical Patch Updates Critical Patch Updates are collections of security fixes for Oracle products. They are available to customers with valid support contracts.

They are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:. 17 April 2018. 17 July 2018. 16 October 2018. 15 January 2019 A pre-release announcement will be published on the Thursday preceding each Critical Patch Update release. The Critical Patch Updates released since 2014 are listed in the following table.

Critical Patch Updates released before 2014 are available. Critical Patch Update Latest Version/Date Rev 4, 22 January 2018 Rev 9, 25 January 2018 Rev 5, 29 January 2018 Rev 5, 20 June 2017 Rev 5, 18 May 2017 Rev 4, 21 November 2016 Rev 2, 18 October 2016 Rev 3, 20 December 2016 Rev 2, 12 February 2016 Rev 6, 27 October 2015 Rev 4, 30 July 2015 Rev 3, 28 April 2015 Rev 2, 10 March 2015 Rev 5, 21 November 2014 Rev 2, 24 July 2014 Rev 2, 28 April 2014 Rev 1, 14 January 2014 Security Alerts Oracle will issue Security Alerts for vulnerability fixes deemed too critical to wait for distribution in the next Critical Patch Update. The Security Alerts released since 2014 are listed in the following table.

Security Alerts released before 2014 are available. Security Alert Number And Description Latest Version/Date Rev 2, 16 November 2017 Rev 3, 04 November 2017 Rev 1, 22 September 2017 Rev 2, 20 June 2017 Rev 1, 23 March 2016 Rev 1, 05 February 2016 Rev 2, 12 November 2015 Rev 1, 15 May 2015 Rev 5, 30 September 2014 Rev 1, 18 April 2014 Solaris Third Party Bulletins Solaris Third Party Bulletins are used to announce security fixes for third party software distributed with Oracle Solaris. Solaris Third Party Bulletins are published on the same day as Oracle Critical Patch Updates are released. These bulletins are be updated on the Tuesday closest to the 17th of the following two months after their release (i.e., the two months between the normal quarterly Critical Patch Update publication dates).

Security patches. A security patch is a change applied to an asset to correct the weakness described by a vulnerability. Equifax Inc (EFX.N) was alerted in March to the software security vulnerability that led to hackers obtaining personal information of more than 140 million Americans.

In addition, Solaris Third Party Bulletins may also be updated for vulnerability fixes deemed too critical to wait for the next scheduled publication date. Bulletins published before January 20, 2015 are available. Solaris Third Party Bulletin Latest Version/Date Rev 1, 16 January 2018 Rev 3, 18 December 2017 Rev 4, 18 September 2017 Rev 4, 19 June 2017 Rev 4, 28 March 2017 Rev 5, 11 January 2017 Rev 6, 10 April 2017 Rev 8, 16 October 2017 Rev 5, 12 April 2016 Rev 5, 14 January 2016 Rev 6, 15 September 2015 Rev 3, 15 June 2015 Rev 5, 01 April 2015 Oracle Linux Bulletins Oracle releases security advisories for Oracle Linux as patches become available. Security advisories (ELSA) are published. Starting October 20, 2015, Oracle will also publish Oracle Linux Bulletins which list all CVEs that had been resolved and announced in Oracle Linux Security Advisories in the last one month prior to the release of the bulletin. The Oracle Linux Bulletin will be published on the same day as Oracle Critical Patch Updates are released.

These bulletins will also be updated for following two months after their release (i.e., the two months between the normal quarterly Critical Patch Update publication dates) to cover all CVEs that had been resolved in those two months following the bulletin's publication. In addition, Oracle Linux Bulletins may also be updated for vulnerability fixes deemed too critical to wait for the next scheduled bulletin publication date. Oracle Linux Bulletin Latest Version/Date Rev 1, 16 January 2018 Rev 3, 18 December 2017 Rev 3, 18 September 2017 Rev 3, 19 June 2017 Rev 3, 17 March 2017 Rev 3, 19 December 2016 Rev 3, 19 September 2016 Rev 3, 20 June 2016 Rev 3, 21 March 2016 Rev 3, 21 December 2015 Oracle VM Server for x86 Bulletins Oracle releases security advisories for Oracle VM Server for x86 as patches become available. Security advisories (OVMSA) are published. Starting July 19, 2016, Oracle will also publish Oracle VM Server for x86 Bulletins which will list all CVEs that had been resolved and announced in Oracle VM Server for x86 Security Advisories in the last one month prior to the release of the bulletin. The Oracle VM Server for x86 Bulletin will be published on the same day as Oracle Critical Patch Updates are released. These bulletins will also be updated for following two months after their release (i.e., the two months between the normal quarterly Critical Patch Update publication dates) to cover all CVEs that had been resolved in those two months following the bulletin's publication.

In addition, Oracle VM Server for x86 Bulletins may also be updated for vulnerability fixes deemed too critical to wait for the next scheduled bulletin publication date. Oracle VM Server for x86 Bulletin Latest Version/Date Rev 1, 16 January 2018 Rev 3, 18 December 2017 Rev 3, 18 September 2017 Rev 3, 19 June 2017 Rev 3, 17 March 2017 Rev 3, 19 December 2016 Rev 3, 19 September 2016 Map of CVE to Advisory The indicates which CVEs are fixed in each Critical Patch Update and Security Alert. The indicates which CVEs are fixed in each Solaris Third Party Bulletin. Policy on Information Provided in Critical Patch Updates and Security Alerts As a matter of policy, Oracle will not provide additional information about the specifics of vulnerabilities beyond what is provided in the Critical Patch Update or Security Alert notification, the pre-installation notes, the readme files, and FAQs. Oracle provides all customers with the same information in order to protect all customers equally. Oracle will not provide advance notification or 'insider information' on Critical Patch Update or Security Alerts to individual customers. Finally, Oracle does not develop or distribute active exploit code (or 'proof of concept code') for vulnerabilities in our products.

Exploit

Applicability of Critical Patch Updates and Security Alerts to Oracle Cloud The Oracle Cloud operations and security teams regularly evaluate Oracle’s Critical Patch Updates and Security Alert fixes as well as relevant third-party fixes as they become available and apply the relevant patches in accordance with applicable change management processes. Oracle Cloud customers requiring information about the applicability of Critical Patch Update and Security Alert fixes to their systems hosted in Oracle Cloud may obtain it as follows:. Oracle Managed Cloud Services customers should contact their Service Delivery Manager. CRM On Demand customers should request status via a Service Request (SR). Oracle Industry Cloud and Micros Cloud customers should contact. Oracle Public Cloud customers should submit a SR within their designated support system to request an update specific to the services they have purchased.

Oracle Data Cloud customers should contact their Client Partner. Oracle Cloud Infrastructure and Bare Metal Cloud Service customers should submit a Service Request within their designated support system.

Microsoft vulnerability patch

Oracle NetSuite customers may either submit an Oracle NetSuite Support Case from within their Oracle NetSuite account or send an email to. References.

Critical Patch Updates, Security Alerts and Bulletins This page lists announcements of security fixes made in Critical Patch Update Advisories, Security Alerts and Bulletins, and it is updated when new Critical Patch Update Advisories, Security Alerts and Bulletins are released. Of Critical Patch Update Advisories and Security Alerts. This page contains the following sections:.

Critical Patch Updates Critical Patch Updates are collections of security fixes for Oracle products. They are available to customers with valid support contracts. They are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:. 17 April 2018.

Wordpress

17 July 2018. 16 October 2018. 15 January 2019 A pre-release announcement will be published on the Thursday preceding each Critical Patch Update release. The Critical Patch Updates released since 2014 are listed in the following table. Critical Patch Updates released before 2014 are available. Critical Patch Update Latest Version/Date Rev 4, 22 January 2018 Rev 9, 25 January 2018 Rev 5, 29 January 2018 Rev 5, 20 June 2017 Rev 5, 18 May 2017 Rev 4, 21 November 2016 Rev 2, 18 October 2016 Rev 3, 20 December 2016 Rev 2, 12 February 2016 Rev 6, 27 October 2015 Rev 4, 30 July 2015 Rev 3, 28 April 2015 Rev 2, 10 March 2015 Rev 5, 21 November 2014 Rev 2, 24 July 2014 Rev 2, 28 April 2014 Rev 1, 14 January 2014 Security Alerts Oracle will issue Security Alerts for vulnerability fixes deemed too critical to wait for distribution in the next Critical Patch Update.

The Security Alerts released since 2014 are listed in the following table. Security Alerts released before 2014 are available. Security Alert Number And Description Latest Version/Date Rev 2, 16 November 2017 Rev 3, 04 November 2017 Rev 1, 22 September 2017 Rev 2, 20 June 2017 Rev 1, 23 March 2016 Rev 1, 05 February 2016 Rev 2, 12 November 2015 Rev 1, 15 May 2015 Rev 5, 30 September 2014 Rev 1, 18 April 2014 Solaris Third Party Bulletins Solaris Third Party Bulletins are used to announce security fixes for third party software distributed with Oracle Solaris.

Solaris Third Party Bulletins are published on the same day as Oracle Critical Patch Updates are released. These bulletins are be updated on the Tuesday closest to the 17th of the following two months after their release (i.e., the two months between the normal quarterly Critical Patch Update publication dates). In addition, Solaris Third Party Bulletins may also be updated for vulnerability fixes deemed too critical to wait for the next scheduled publication date. Bulletins published before January 20, 2015 are available.

Solaris Third Party Bulletin Latest Version/Date Rev 1, 16 January 2018 Rev 3, 18 December 2017 Rev 4, 18 September 2017 Rev 4, 19 June 2017 Rev 4, 28 March 2017 Rev 5, 11 January 2017 Rev 6, 10 April 2017 Rev 8, 16 October 2017 Rev 5, 12 April 2016 Rev 5, 14 January 2016 Rev 6, 15 September 2015 Rev 3, 15 June 2015 Rev 5, 01 April 2015 Oracle Linux Bulletins Oracle releases security advisories for Oracle Linux as patches become available. Security advisories (ELSA) are published. Starting October 20, 2015, Oracle will also publish Oracle Linux Bulletins which list all CVEs that had been resolved and announced in Oracle Linux Security Advisories in the last one month prior to the release of the bulletin. The Oracle Linux Bulletin will be published on the same day as Oracle Critical Patch Updates are released. These bulletins will also be updated for following two months after their release (i.e., the two months between the normal quarterly Critical Patch Update publication dates) to cover all CVEs that had been resolved in those two months following the bulletin's publication. In addition, Oracle Linux Bulletins may also be updated for vulnerability fixes deemed too critical to wait for the next scheduled bulletin publication date.

Oracle Linux Bulletin Latest Version/Date Rev 1, 16 January 2018 Rev 3, 18 December 2017 Rev 3, 18 September 2017 Rev 3, 19 June 2017 Rev 3, 17 March 2017 Rev 3, 19 December 2016 Rev 3, 19 September 2016 Rev 3, 20 June 2016 Rev 3, 21 March 2016 Rev 3, 21 December 2015 Oracle VM Server for x86 Bulletins Oracle releases security advisories for Oracle VM Server for x86 as patches become available. Security advisories (OVMSA) are published. Starting July 19, 2016, Oracle will also publish Oracle VM Server for x86 Bulletins which will list all CVEs that had been resolved and announced in Oracle VM Server for x86 Security Advisories in the last one month prior to the release of the bulletin. The Oracle VM Server for x86 Bulletin will be published on the same day as Oracle Critical Patch Updates are released. These bulletins will also be updated for following two months after their release (i.e., the two months between the normal quarterly Critical Patch Update publication dates) to cover all CVEs that had been resolved in those two months following the bulletin's publication. In addition, Oracle VM Server for x86 Bulletins may also be updated for vulnerability fixes deemed too critical to wait for the next scheduled bulletin publication date. Oracle VM Server for x86 Bulletin Latest Version/Date Rev 1, 16 January 2018 Rev 3, 18 December 2017 Rev 3, 18 September 2017 Rev 3, 19 June 2017 Rev 3, 17 March 2017 Rev 3, 19 December 2016 Rev 3, 19 September 2016 Map of CVE to Advisory The indicates which CVEs are fixed in each Critical Patch Update and Security Alert.

The indicates which CVEs are fixed in each Solaris Third Party Bulletin. Policy on Information Provided in Critical Patch Updates and Security Alerts As a matter of policy, Oracle will not provide additional information about the specifics of vulnerabilities beyond what is provided in the Critical Patch Update or Security Alert notification, the pre-installation notes, the readme files, and FAQs. Oracle provides all customers with the same information in order to protect all customers equally. Oracle will not provide advance notification or 'insider information' on Critical Patch Update or Security Alerts to individual customers. Finally, Oracle does not develop or distribute active exploit code (or 'proof of concept code') for vulnerabilities in our products. Applicability of Critical Patch Updates and Security Alerts to Oracle Cloud The Oracle Cloud operations and security teams regularly evaluate Oracle’s Critical Patch Updates and Security Alert fixes as well as relevant third-party fixes as they become available and apply the relevant patches in accordance with applicable change management processes.

Wordpress Security Vulnerability

Oracle Cloud customers requiring information about the applicability of Critical Patch Update and Security Alert fixes to their systems hosted in Oracle Cloud may obtain it as follows:. Oracle Managed Cloud Services customers should contact their Service Delivery Manager. CRM On Demand customers should request status via a Service Request (SR). Oracle Industry Cloud and Micros Cloud customers should contact. Oracle Public Cloud customers should submit a SR within their designated support system to request an update specific to the services they have purchased. Oracle Data Cloud customers should contact their Client Partner. Oracle Cloud Infrastructure and Bare Metal Cloud Service customers should submit a Service Request within their designated support system.

Intel Vulnerability Patch

Oracle NetSuite customers may either submit an Oracle NetSuite Support Case from within their Oracle NetSuite account or send an email to. References.