Oracle to release critical security fixes for hundreds of products (including Java) on Tuesday

Graham Cluley

On Tuesday 14 January, Oracle will be releasing its quarterly batch of security updates – and it’s gonna be a doozy.

Oracle’s critical patch update will address multiple security issues, including “144 new security vulnerability fixes across hundreds of Oracle products”.

Oracle says that it is strongly recommending that customers apply the patches “as soon as possible” because of “the threat posed by a successful attack.”

As always, the risk is that one of these vulnerabilities might be exploited by a hacker to run malware on your computer.

Many of the vulnerabilities are said to be “remotely exploitable without authentication” – which means that for an attack to be successful against your computer you wouldn’t have to enter your username and password.

The Oracle product which will grab the most headlines because of its need to be patched is probably Java SE, used on a large number of both business and consumer computers and long regarded as something of a “Swiss cheese” for its numerous security holes.

Oracle says that Tuesday’s release will contain 36 fixes for Java, 34 of which can be exploited by an attacker without the need for authentication.

Once again, it might be sensible for you to consider whether you really need Java enabled in your web browser. (Note: Java is entirely different from JavaScript.)

More details can be found in Oracle’s pre-announcement about the security updates, but here is a list of affected products:

Oracle Database 11g Release 1, version 11.1.0.7
Oracle Database 11g Release 2, versions 11.2.0.3, 11.2.0.4
Oracle Database 12c Release 1, version 12.1.0.1
Oracle Fusion Middleware 11g Release 1, versions 11.1.1.6, 11.1.1.7
Oracle Fusion Middleware 11g Release 2, versions 11.1.2.0, 11.1.2.1
Oracle Fusion Middleware 12c Release 2, version 12.1.2
Oracle Enterprise Data Quality, versions 8.1, 9.0.8
Oracle Forms and Reports 11g, Release 2, version 11.1.2.1
Oracle GlassFish Server, version 2.1.1, Sun Java Application Server, versions 8.1, 8.2
Oracle HTTP Server 11g, versions 11.1.1.6, 11.1.1.7
Oracle HTTP Server 12c, version 12.1.2
Oracle Identity Manager, versions 11.1.1.5, 11.1.1.7, 11.1.2.0, 11.1.2.1
Oracle Internet Directory, versions 11.1.1.6, 11.1.1.7
Oracle iPlanet Web Proxy Server, version 4.0
Oracle iPlanet Web Server, versions 6.1, 7.0
Oracle Outside In Technology, versions 8.4.0, 8.4.1
Oracle Portal, version 11.1.1.6
Oracle Reports Developer, versions 11.1.1.6, 11.1.1.7, 11.1.2.1
Oracle Traffic Director, versions 11.1.1.6, 11.1.1.7
Oracle WebCenter Portal versions 11.1.1.6.0, 11.1.1.7.0, 11.1.1.8.0
Oracle WebCenter Sites versions 11.1.1.6.1, 11.1.1.8.0
Hyperion Essbase Administration Services, versions 11.1.2.1, 11.1.2.2, 11.1.2.3
Hyperion Strategic Finance, versions 11.1.2.1, 11.1.2.2
Oracle E-Business Suite Release 11i, version 11.5.10.2
Oracle E-Business Suite Release 12i, versions 12.0.6, 12.1.1, 12.1.2, 12.1.3
Oracle Agile Product Lifecycle Management for Process, versions 6.0, 6.1, 6.1.1
Oracle AutoVue Electro-Mechanical Professional, versions 20.1.1, 20.2.2
Oracle Demantra Demand Management, versions 7.3.1, 12.2.1, 12.2.2, 12.2.3
Oracle Transportation Management, versions 5.5.06, 6.0, 6.1, 6.2, 6.3, 6.3.1, 6.3.2
Oracle PeopleSoft Enterprise HRMS, versions 9.1.0, 9.2.0
Oracle PeopleSoft Enterprise HRMS Human Resources, versions 9.1, 9.2
Oracle PeopleSoft Enterprise PeopleTools, versions 8.52, 8.53
Oracle PeopleSoft Enterprise SCM Services Procurement, version 9.2
Oracle Siebel Core, versions 8.1.1, 8.2.2
Oracle Siebel Life Sciences, versions 8.1.1, 8.2.2
Oracle iLearning, version 6.0
Oracle FLEXCUBE Private Banking, versions 1.7, 2.0, 2.0.1, 2.2.0.1, 3.0, 12.0.1, 12.0.2
Oracle JavaFX, versions 2.2.45 and earlier
Oracle Java JDK and JRE, versions 5.0u55 and earlier, 6u65 and earlier, 7u45 and earlier
Oracle Java SE Embedded, versions 7u45 and earlier
Oracle JRockit, versions R27.7.7 and earlier, R28.2.9 and earlier
Oracle Solaris versions 8, 9, 10, 11.1
Oracle Secure Global Desktop, versions 4.63.x, 4.71.x, 5.0.x, 5.10
Oracle VM VirtualBox, versions prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, 4.3.6
Oracle MySQL Enterprise Monitor, versions 2.3, 3.0
Oracle MySQL Server, versions 5.1, 5.5, 5.6

And don’t forget – as if you weren’t busy enough with security patches – Oracle times its quarterly security fixes to coincide with the regular monthly security updates from Microsoft and Adobe.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast.
