Big Oracle Patch Day

Thursday, July 19, 2012 @ 05:07 PM gHale


A flood of security fixes is coming from Oracle: its July Critical Patch Update (CPU) includes 87 of them.

These fixes take care of various vulnerabilities across a number of its product families. The updates affect products including Oracle Fusion Middleware 11g, Oracle Database 10g and 11g, and MySQL. One of the holes, which received the highest possible CVSS score of 10.0, was closed in the JRockit Java Virtual Machine (JVM), which is part of Oracle Fusion.


Holes were also closed in other Fusion components including Enterprise Manager for Fusion Middleware, Oracle HTTP Server, MapViewer, Outside In Technology, and Portal.

The vulnerabilities that affect the Database Server were fixed in the Enterprise Manager for Oracle Database, in Core RDBMS and in the network layer. The highest CVSS score is 6.8; none of the holes in MySQL exceeds this rating either.

The company also released security updates for Oracle Siebel CRM, Enterprise Manager Grid Control 10g and 11g, Hyperion BI+, Solaris, Solaris Cluster, the SPARC T-Series, the Glassfish Enterprise Server and the Oracle iPlanet Web Server. Remote attackers could exploit the holes without authentication. Oracle recommends all of its customers install the patches as soon as possible.

Java is not part of this CPU, as Oracle is planning to provide the next Java update with its October CPU.


