Oracle kicked off the New Year with its first installment of the quarterly CPU (critical patch update) for 2017. The update contains fix for 270 security issues across wide range of products. The graph below shows distribution of the update. More than 100 vulnerabilities that were fixed could be compromised by a remote attacker without requiring any credentials. Most remote vulnerabilities could be exploited over the HTTP protocol.
Today Oracle released its July critical patch update fixing 276 security issues across hundreds of Oracle products. On average in 2015 Oracle fixed about 161 vulnerabilities per update and the number was 128 in 2014. That makes today’s update the largest and here is a breakdown of the vulnerabilities. Out of the 276 vulnerabilities, 159 can be exploited remotely without authentication, typically over a network without the need of any credentials. The table lists components ordered by the number of issues and description below has details. Since most organizations have different teams to patch databases, networking components, operating systems, applications server and ERP systems, I have broken down the massive update in these categories.
In the third patch release of the day, after Adobe and Microsoft, Oracle publishes code fixes for 154 distinct vulnerabilities across a large number of product families. Many of the vulnerabilities addressed are of critical nature, allowing the attacker to achieve remote code execution. Due to the large number of patches a precise inventory will be crucial to be able to decide where to patch first.
Oracle released its Critical Patch Update (CPU) for July 2014 with 115 patch updates to a variety of Oracle products. The most critical vulnerabilities fixed by these patches would allow an attacker to take control of the machine that the software is running on – workstation or server.
Oracle just released their announcement of the July Critical Patch Update (CPU). Oracle bundles the security updates for the majority of the products it controls into a quarterly update – something of a Super Tuesday of computer security. This time we are getting 115 fixes for vulnerabilities over 30 different product groups with even more individual software versions affected.
Oracle released another massive critical patch update (CPU) today which contains 104 new security fixes. Java SE took the lion’s share of fixes followed by Fusion Middleware and MySQL. Only two vulnerabilities were fixed in the flagship Database Server 11g and 12c and both the vulnerabilities need credentials to be exploited remotely.
Oracle released today its Critical Patch Update (CPU) for July 2013. The CPU is Oracle’s quarterly mechanism to publish updates for all of its supported products, with the exception of Java. Java is on a different update cycle of every four months, but it will be migrated to the same schedule beginning in October of 2013.
This month’s CPU contains 89 updates touching most of Oracle’s product groups. A large percentage (>40%) of the vulnerabilities addressed allow for remote unauthenticated access for the attacker and should be priority, particularly on applications that are exposed to the Internet.