Oracle Releases 248 Security Fixes

Friday, January 22, 2016 @ 03:01 PM gHale

Oracle’s Critical Patch Update (CPU) for January 2016 brought 248 security fixes.

Software with fixes in the update include Oracle Database, Java SE, and Oracle E-Business Suite, among others.

Microsoft Patches Critical Holes in Jan
Microsoft Drops 20 CAs
IE Ending Support for Older Versions
New Malware Tool Focuses on Russia

Of the 7 Oracle Database vulnerabilities addressed this time around, none are remotely exploitable without authentication. The updates do fix 3 vulnerabilities in Oracle GoldenGate, all of which could end up remotely exploitable without authentication.

New updates in Oracle’s E-Business Suite help remediate security issues and help enhance the overall security posture provided by E-Business Suite, the company said.

For the embattled Java, Oracle recommended users ensure they are using the most recent version of Java and should remove obsolete Java SE versions from their computers.

Along with the January CPU, Oracle reminded customers to apply fixes and/or configuration steps released for a Java deserialization vulnerability (CVE-2015-4852) in November 2015, which affected other third-party products.

The full details of all vulnerabilities are available in Oracle’s security advisory.