Oracle rolls out massive critical patch update

Oracle rolls out massive critical patch update

PanARMENIAN.Net - Oracle has released a swathe of security updates culminating in a massive 104 new security fixes for products including Java, Fusion Middleware and MySQL, according to ZDNet.

The California-based firm's latest critical patch update (CPU) includes 37 Java SE vulnerabilities, four of which deemed critical after receiving a CVSS Base Score of 10. Out of these security flaws, 29 affected client-only deployments, while six affected both client and server deployments of Java. One affects the Javadoc tool and one affects unpack200. CVE-2014-2398 can be exploited remotely and so updates should not be stalled in order to keep your system safe.

The CPU also provides 20 Fusion Middleware vulnerability fixes. The highest CVSS Base Score for these Fusion Middleware vulnerabilities is 7.5, which is fairly severe in Oracle's measurements. Each one can be exploited using HTTP, and 13 can be exploited remotely without authorization.

MySQL version 5.5 and 5.6 have received patch updates, and only one, CVE-2014-2431, is exploitable remotely. However, there are 14 security vulnerabilities in total for this software.

Two fixes were issued for Oracle's flagship software, the Oracle Database, and both security flaws would need credentials before systems could be exploited remotely, ZDNet says.

Other product lines affected by the latest CPU include Hyperion, Supply Chain Product Suite, PeopleSoft Enterprise, Sun Systems Products Suite and Oracle Linux and Virtualization. Due to the severity of this update, it is recommended to apply the patch immediately.

The next CPU date is 15 July this year.

 Top stories
Apple Design Awards (ADA) is a special event hosted by Apple Inc. at its annual Worldwide Developers Conference.
"Today an element of the Army.mil service provider's content was compromised," Army Brig. Gen. Malcolm B. Frost said.
Of course, if a user has location services turned off within Messenger, this new location sharing feature won’t be accessible.
Information stored on OPM databases includes employee job assignments, performance reviews and training, officials said.
Partner news