Oracle rolls out massive critical patch update

Oracle rolls out massive critical patch update

PanARMENIAN.Net - Oracle has released a swathe of security updates culminating in a massive 104 new security fixes for products including Java, Fusion Middleware and MySQL, according to ZDNet.

The California-based firm's latest critical patch update (CPU) includes 37 Java SE vulnerabilities, four of which deemed critical after receiving a CVSS Base Score of 10. Out of these security flaws, 29 affected client-only deployments, while six affected both client and server deployments of Java. One affects the Javadoc tool and one affects unpack200. CVE-2014-2398 can be exploited remotely and so updates should not be stalled in order to keep your system safe.

The CPU also provides 20 Fusion Middleware vulnerability fixes. The highest CVSS Base Score for these Fusion Middleware vulnerabilities is 7.5, which is fairly severe in Oracle's measurements. Each one can be exploited using HTTP, and 13 can be exploited remotely without authorization.

MySQL version 5.5 and 5.6 have received patch updates, and only one, CVE-2014-2431, is exploitable remotely. However, there are 14 security vulnerabilities in total for this software.

Two fixes were issued for Oracle's flagship software, the Oracle Database, and both security flaws would need credentials before systems could be exploited remotely, ZDNet says.

Other product lines affected by the latest CPU include Hyperion, Supply Chain Product Suite, PeopleSoft Enterprise, Sun Systems Products Suite and Oracle Linux and Virtualization. Due to the severity of this update, it is recommended to apply the patch immediately.

The next CPU date is 15 July this year.

 Top stories
YouTube, eager to capture cord cutters with original content, is about to debut one show and three movies to the Red subscription service.
"It looks like Google continues to execute on mobile advertising," said Neil Doshi managing director of research at Mizuho Securities.
Some of the executives are departing under pressure and others decided on their own to leave the company, the person said.
Many enterprise customers cling to old versions of Windows to the point where PC makers sometimes offer those versions on brand new systems.
Partner news