Oracle Releases Massive Security Update

Oracle just released a massive security update that covers 104 vulnerabilities across its product portfolio.

Thirty-seven of the vulnerabilities affect Oracle Java SE. According to Oracle’s advisory, 35 of these can be exploited remotely without authentication. Four of the bugs have a CVSS Base Score of 10, the most critical rating a bug can achieve.

“[Twenty-nine] of these 37 vulnerabilities affected client-only deployments, while 6 affected client and server deployments of Java SE,” blogged Eric Maurice, Oracle software security assurance director. “Rounding up this count [was] one vulnerability affecting the Javadoc tool and one affecting unpack200. As a reminder, desktop users, including home users, can leverage the Java Autoupdate or visit Java.com to ensure that they are running the most recent version of Java. Java SE security fixes delivered through the Critical Patch Update program are cumulative. In other words, running the most recent version of Java provides users with the protection resulting from all previously-released security fixes.”

“Oracle strongly recommends that Java users, particularly home users, keep up with Java releases and remove obsolete versions of Java SE, so as to protect themselves against malicious exploitation of Java vulnerabilities,” he added.

While Java SE took the lion’s share of fixes, other issues in Fusion Middleware and MySQL were addressed as well, noted Amol Sarwate, director of Qualys’ Vulnerability Labs.

“All vulnerabilities in the Fusion Middleware can be exploited over the web using HTTP, and 13 out of the 20 can be exploited remotely without authentication,” he blogged.

Fourteen security fixes are aimed at Oracle MySQL, including two that can be exploited remotely without authentication.

The update also includes: five fixes for Oracle Virtualization; three for Oracle and Sun Systems Products Suite; one in Oracle iLearning; one in Oracle Siebel CRM; eight in Oracle PeopleSoft products; 10 for the Oracle Supply Chain products suite; two for Oracle Database and three for Oracle Hyperion.

“Due to the relative severity of a number of the vulnerabilities fixed in this Critical Patch Update (CPU), Oracle strongly recommends that customers apply this Critical Patch Update as soon as possible,” blogged Maurice.

The next CPU is scheduled to be released July 15. In light of the Heartbleed vulnerability, Oracle also recently released a list of affected products and mitigations.

 

 
