Oracle CPU / PSU April 2018

Oracle recently released the spring Critical Patch Advisory. It is the first critical patch update, which also includes fixes for Oracle 18c. Over all it includes 254 new security fixes across the product families. Overall a rather large update, although only a security vulnerability is patched for the Oracle databases. This vulnerability is not remotely exploitable without authentication and is not applicable to client-only installations. The CVSS Rating is 8.5 for Oracle Database 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18.1.0.0 on any operating system. According to Oracle the following component is affected:

  • Java VM

Oracle Java VM is not installed by default. It is therefore recommended that you check your database environment to see if it is necessary to apply this critical patch update.

For Oracle Fusion Middleware the situation looks somehow different. The Critical Patch Update includes not less than 30 fixes for vulnerabilities. Several of the vulnerabilities may be remotely exploitable without authentication and are rated with the highest CVSS rating of 9.8.

More details about the patch will follow soon on the Oracle Security Pages.

By the way, Oracle improved the table which lists the affected products and components in there advisory. Oracle Database is not a the top of the table any more.

One thought on “Oracle CPU / PSU April 2018

  1. Assar Post author

    Comment by a user via site feedback:
    I tried to apply Grid Infrastructure patch set update 12.1.0.2.180417patch. On grid it update 3 patch (12.1.0.2.180417) and 1 fail to update (12.1.0.2.180116). On db_1 there is no change, all patch have the old numbers (12.1.0.2.180116).

Comments are closed.