Qualys Blog

www.qualys.com
10 posts

Oracle January 2017 CPU Fixes 270 Vulnerabilities

Oracle kicked off the New Year with its first installment of the quarterly CPU (critical patch update) for 2017. The update contains fix for 270 security issues across wide range of products. The graph below shows distribution of the update. More than 100 vulnerabilities that were fixed could be compromised by a remote attacker without requiring any credentials. Most remote vulnerabilities could be exploited over the HTTP protocol.

Continue reading …

Oracle July 2016 Critical Patch Update

Today Oracle released its July critical patch update fixing 276 security issues across hundreds of Oracle products. On average in 2015 Oracle fixed about 161 vulnerabilities per update and the number was 128 in 2014. That makes today’s update the largest and here is a breakdown of the vulnerabilities. Out of the 276 vulnerabilities, 159 can be exploited remotely without authentication, typically over a network without the need of any credentials. The table lists components ordered by the number of issues and description below has details. Since most organizations have different teams to patch databases, networking components, operating systems, applications server and ERP systems, I have broken down the massive update in these categories.

Continue reading …

Oracle Critical Patch Update April 2016

This week Oracle released their quarterly Critical Patch Update (CPU) for April 2016. The CPU addresses 136 vulnerabilities in 49 products, including Java, Solaris, several middleware products, VirtualBox, the MySQL database and the original Oracle database.

Continue reading …

Oracle Critical Patch Update October 2015

Oracle published their quarterly critical patch update October 2015 addressing 154 vulnerabilities distributed across 50+ different products. We will give you our read on the update and help with your prioritization.

Continue reading …

Patch Tuesday January 2015, 2nd Edition

Every three months Patch Tuesday has a 2nd edition when Oracle publishes their security updates in their considerable software portfolio.

Continue reading …

Oracle CPU October 2014

In the third patch release of the day, after Adobe and Microsoft, Oracle publishes code fixes for 154 distinct vulnerabilities across a large number of product families. Many of the vulnerabilities addressed are of critical nature, allowing the attacker to achieve remote code execution. Due to the large number of patches a precise inventory will be crucial to be able to decide where to patch first.

Continue reading …

Oracle Critical Patch Update July 2014

Oracle released its Critical Patch Update (CPU) for July 2014 with 115 patch updates to a variety of Oracle products. The most critical vulnerabilities fixed by these patches would allow an attacker to take control of the machine that the software is running on – workstation or server.

Continue reading …

Oracle Critical Patch Update July 2014

Oracle just released their announcement of the July Critical Patch Update (CPU). Oracle bundles the security updates for the majority of the products it controls into a quarterly update – something of a Super Tuesday of computer security. This time we are getting 115 fixes for vulnerabilities over 30 different product groups with even more individual software versions affected.

Continue reading …

Oracle April CPU 2014: Java Takes the Lion’s Share

OracleCPU

Oracle released another massive critical patch update (CPU) today which contains 104 new security fixes. Java SE took the lion’s share of fixes followed by Fusion Middleware and MySQL. Only two vulnerabilities were fixed in the flagship Database Server 11g and 12c and both the vulnerabilities need credentials to be exploited remotely.

Continue reading …

Oracle CPU July 2013

Oracle released today its Critical Patch Update (CPU) for July 2013. The CPU is Oracle’s quarterly mechanism to publish updates for all of its supported products, with the exception of Java. Java is on a different update cycle of every four months, but it will be migrated to the same schedule beginning in October of 2013.

This month’s CPU contains 89 updates touching most of Oracle’s product groups. A large percentage (>40%) of the vulnerabilities addressed allow for remote unauthenticated access for the attacker and should be priority, particularly on applications that are exposed to the Internet.

Continue reading …