2014/11/24 5:00PM PST-
Oracle has announced security issues and associated software patches affecting Oracle RDBMS 220.127.116.11 and 18.104.22.168. Detailed information about these issues is available here: http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixDB.
Amazon RDS customers running Oracle 22.214.171.124 and 126.96.36.199 instances should upgrade them to newly released versions 188.8.131.52v2 and 184.108.40.206v3, containing the Critical Patch Update. Please note that Oracle hasn't made a patch available for version 220.127.116.11. If you run an instance of that version, we recommend upgrading it to one of the supported versions 18.104.22.168v3 or 22.214.171.124v2. If you selected 'Yes' for the Auto Minor Version Upgrade option, your database instance will be upgraded automatically during your maintenance window. You can upgrade your instance at a time of your choosing before your maintenance window by using the Modify operation as described on the http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeInstance.html page. At the time of the upgrade, your database instances (either Single-AZ or Multi-AZ) will undergo a reboot and will be unavailable for a few minutes.
For more information about the Oracle Core RDBMS security issues, please see:
- Oracle's Critical Patch Update regarding this issue (CVE-2014-2478): http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixDB
For more information about upgrading your database instances, please visit:
- Upgrading an Amazon RDS DB Instance: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeInstance.html
A summary of recommended actions follows below:
- Upgrade your 126.96.36.199 and 188.8.131.52 instances to new versions 184.108.40.206v3 and 220.127.116.11v2 at a time of your choosing by following instructions in the above link
- Upgrade your 18.104.22.168 instances to newer versions at a time of your choosing by following instructions in the above link