Oracle Critical Patch Update January 2014 - Availability and Relevance
By mkh on Jan 22, 2014
Oracle constantly reviews its products to harden against security threatening. Regularly an "Oracle Critical Patch Update Advisory" is published to inform about new patches and other actions to take. Oracle users are highly recommended to carefully review and to consider these advices.
With the January 2014 advisory, Oracle Forms and Oracle Reports for releases 11gR1 and 11gR2 are not effected by a new patch directly. Nevertheless, there are two items to take into account:
- Corresponding Oracle Fusion Middleware components like database client, JDK, HTTP Server, ... may need patching. Find the details in Master Note on Fusion Middleware Proactive Patching - Patch Set Updates (PSUs) and Bundle Patches (BPs) Doc ID 1494151.1)
- The January 2014 Risk Matrices - Oracle Fusion Middleware lists one item for Oracle Reports: CVE-2013-5785 dedicated to versions 220.127.116.11, 18.104.22.168 & 22.214.171.124 and gives best practices how to use the existing feature "Enable File System Access Control". Check out "Enable File System Access Control" - Fine Grained File System Access Control for the Reports Server Doc ID 1608683.1 for more details.
Keep updated on latest security announcements from Critical Patch Updates, Security Alerts and Third Party Bulletin and activate the Security Alert Tickler (RSS Feed)!