====================================================================

                                CERT-Renater

                     Note d'Information No. 2016/VULN029
_____________________________________________________________________

DATE                : 20/01/2016

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Oracle Database Server,
                        Oracle Java SE,
                        Oracle E-Business Suite,
                        Oracle MySQL,
                        Oracle Fusion Middleware,
                        Oracle Linux and Virtualization,
                        Oracle Sun Systems Products Suite,
                        Oracle Retail Applications,
                        Oracle Communications Applications,
                        Oracle iLearning,
                        Oracle JD Edwards Products,
                        Oracle PeopleSoft Products,
                        Oracle Supply Chain Products,
                        Oracle Enterprise Manager Grid Control
                        Oracle GoldenGate.

======================================================================
https://blogs.oracle.com/security/entry/january_2016_critical_patch_update
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
_____________________________________________________________________

   January 2016 Critical Patch Update Released
By Eric P. Maurice-Oracle on Jan 19, 2016

Oracle today released the January 2016 Critical Patch Update.  With
this Critical Patch Update release, the Critical Patch Update program
enters its 11th year of existence (the first Critical Patch Update was
released in January 2005).  As a reminder, Critical Patch Updates are
currently released 4 times a year, on a schedule announced a year in
advance.  Oracle recommends that customers apply this Critical Patch
Update as soon as possible.

The January 2016 Critical Patch Update provides fixes for a wide range
of product families; including:

      Oracle Database
          None of these database vulnerabilities are remotely exploitable
without authentication.

      Java SE vulnerabilities
          Oracle strongly recommends that Java home users visit the
java.com web site, to ensure that they are using the most recent
version of Java and are advised to remove obsolete Java SE versions
from their computers if they are not absolutely needed.

      Oracle E-Business Suite.
          Oracle’s ongoing assurance effort with E-Business Suite helps
remediate security issues and is intended to help enhance the overall
security posture provided by E-Business Suite.

Oracle takes security seriously, and strongly encourages customers to
keep up with newer releases in order to benefit from Oracle’s ongoing
security assurance effort.

For more information:

The January 2016 Critical Patch Update Advisory is located at
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

The Oracle Software Security Assurance web site is located at
https://www.oracle.com/support/assurance/index.html.

Oracle Applications Lifetime Support Policy is located at
http://www.oracle.com/us/support/library/lifetime-support-applications-069216.pdf.

==========================================================
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================