Oracle Communications Policy Management Critical Patch Update Document October 2016

Asset ID:	1-79-2188694.1
Update Date:	2016-10-18
Keywords:

Solution Type Predictive Self-Healing Sure

Solution 2188694.1 : Oracle Communications Policy Management Critical Patch Update Document October 2016

Applies to:

Oracle Communications Policy Management - Version POLICY 9.7.3 to POLICY 12.1.1.2 [Release POLICY 9.0 to POLICY 12.0]
Information in this document applies to any platform.

Purpose

Oracle Provides Critical Patch Updates to its customers to fix security vulnerabilities. This document will define the fixes that we have made for Oracle Communications Policy Management.

Scope

Details

The following CVEs have been addressed in this CPU:

CVE-2015-0235 Glibc

CVE-2015-0411 MySQL

CVE-2014-0050 Tomcat

CVE-2014-0224 OpenSSL

CVE-2015-0286 OpenSSL

CVE-2013-2067 Tomcat

CVE-2014-0227 Tomcat

CVE-2013-4444 Tomcat

CVE-2015-2568 MySQL

CVE-2014-0096 Tomcat

CVE-2013-4590 Tomcat

CVE-2014-0099 Tomcat

CVE-2014-0075 Tomcat

CVE-2014-0119 Tomcat

CVE-2013-4322 Tomcat

CVE-2014-9296 NTP

CVE-2014-3571 OpenSSL

CVE-2014-2532 OpenSSH

CVE-2013-4286 Tomcat

CVE-2015-0433 MySQL

CVE-2015-0423 MySQL

CVE-2015-0500 MySQL

CVE-2015-0409 MySQL

CVE-2015-0381 MySQL

CVE-2015-0382 MySQL

Additional CVEs addressd:

The fix for CVE-2014-9296 also addresses CVE-2014-9293, CVE-2014-9294, and CVE-2014-9295.

To address these CVEs:

Customers running 9.7.3 or earlier, must upgrade to to 9.7.4.
Customers running 9.9.1 or earlier, must upgrade to to 9.9.2.
Customers running 10.4.1 or earlier, must upgrade to 10.4.2
Customers running 12.1.1 or earlier (including the latest 11.5.x), must upgrade to 12.1.2.
Customers running 11.5, must upgrade to the latest 12.x to obtain a fix. In this case, all 11.5 and 12.x customers must upgrade to 12.1.2.

Attachments

This solution has no attachment