Oracle pushes massive critical patch update for July

Pawn Storm zero day hole plugged.

Oracle has issued a mammoth bundle of security patches, addressing no fewer than 193 vulnerabilities in several of the company's enterprise and client software offerings.

The Java application framework and runtime, widely criticised for having a poor security record and being a prime target for attackers, is again being patched by Oracle.

Among the vulnerabilities addressed by the Java patches is a zero-day flaw exploited in attacks against members of the North Atlantic Treaty Organisation defence pact, and the United States government, in April this year.

The attacks were part of the Operation Pawn Storm campaign that also targeted the Asia-Pacific Economic Cooperation forum and the Middle East Homeland Security Summit in 2014 with social engineering tactics, according to security vendor Trend Micro, which discovered the threat and reported it to Oracle.

All in all, the Java update fixes 25 vulnerabilities, of which 23 are remotely exploitable without authentication.

The Oracle July 2015 Critical Patch Update (CPU) contains fixes for the following applications:

  • Oracle Database
  • Oracle Fusion Middleware
  • Oracle Hyperion
  • Oracle Enterprise Manager 
  • Oracle E-Business Suite 
  • Oracle Supply Chain Suite 
  • Oracle PeopleSoft Enterprise
  • Oracle Siebel CRM
  • Oracle Communications Applications 
  • Oracle Sun Systems Products Suite
  • Oracle Linux and Virtualisation
  • Oracle MySQL

Of the 193 fixes, 44 are for flaws in third-party components that Oracle includes in its products.

These include patches for the Venom vulnerability in the Quick Emulator (QEMU) and the GHOST gethostbyname() function heap overflow in the GNU C library (glibc).

Copyright © iTnews.com.au . All rights reserved.