UPDATED 04:48 EDT / OCTOBER 20 2016

Oracle issues 253 security fixes in monster October critical patch update

Oracle released a monster number of fixes Tuesday, delivering 253 security updates in its October “critical patch update.”

The patches cover 76 Oracle products, including databases, networking components, operating systems, application servers, Java, and enterprise resource planning systems. According to the advisory published by Oracle, 15 of the patches are critical, with some allowing complete system compromise of Oracle Big Data Discovery, Oracle Web Services, Oracle Commerce and WebLogic over HTTP.

A dozen patches for vulnerabilities were issued for the Oracle Database Server, 31 in the MySQL database, seven in Java SE, 13 in Oracle Linux and virtualization products, and 16 in the Sun Systems suite.

Of the seven patches for Java, there were two serious vulnerabilities patched, including one that allows an “unauthenticated attacker with network access via multiple protocols” to compromise Java SE and other software depending on it.

“Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products,” the company added. “Successful attacks of this vulnerability can result in takeover of Java SE.”

One of the patches for the Oracle Database server was rated as critical, described as an “easily exploitable vulnerability” that would allow an attacker with a high level of privileges, holding the “create session” and “create procedure” privileges and network access via multiple protocols, to compromise the Oracle Java virtual machine.

Oracle MySQL has two serious flaws that may be remotely exploited without authentication.

Two bugs rated 9.8 on the Common Vulnerability Scoring System are present in Oracle’s Fusion Middleware, with one allowing an attacker to take over Oracle’s Big Data Discovery via HTTP, while the other, also described as “easily exploitable,” allows an attacker to gain access via the Oracle WebLogic Server.

“Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes,” the company warned. “In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively supported versions and apply Critical Patch Update fixes without delay.”

A full list of the patches can be found here.
