Huge Oracle Security Update

Friday, October 17, 2014 @ 04:10 PM gHale


Lost in the shuffle of Microsoft’s Patch Tuesday and the Adobe fixes was Oracle’s security update.

Oracle issued more than 150 security fixes, including 31 for the Oracle Database, several of which have a CVSS Base Score of 9.0.


“This CVSS 9.0 Base Score reflects instances where the user running the database has administrative privileges (as is typical with pre-12 Database versions on Windows),” said Oracle Software Security Assurance Director Eric Maurice in a blog post.

“When the database user has limited (or non-root) privilege, then the CVSS Base Score is 6.5 to denote that a successful compromise would be limited to the database and not extend to the underlying Operating System,” he said. “Regardless of this decrease in the CVSS Base Score for these vulnerabilities for most recent versions of the database on Windows and all versions on Unix and Linux, Oracle recommends that these patches be applied as soon as possible because a wide compromise of the database is possible.”

The Oracle update also provides fixes for 25 new Java SE vulnerabilities, the most severe of which has a CVSS Base Score of 10.0.

Out of the 25, 20 affect client-only deployments of Java SE, and two of these are browser specific. Four vulnerabilities, meanwhile, affect client and server deployments of Java SE, while one affects client and server deployments of JSSE, Maurice said.

The remaining vulnerabilities affect Oracle Fusion Middleware; Oracle Enterprise Manager Grid Control; Oracle E-Business Suite; Oracle Supply Chain Product Suite; Oracle PeopleSoft Enterprise; Oracle JDEdwards EnterpriseOne; Oracle Communications Industry Suite; Oracle Retail Industry Suite; Oracle Health Sciences Industry Suite; Oracle Primavera; Oracle and Sun Systems Product Suite; Oracle Linux and Virtualization; and Oracle MySQL.


