Oracle issues mammoth patch collection

By

Mostly fixing third-party utilities.

Oracle’s quarterly patch release fixes an eye-watering 387 security vulnerabilities, but only 14 of them are rated critical (with a CVSS score greater than 9).

Oracle issues mammoth patch collection

A critical Apache Commons ByteCode engineering library (BCEL) bug affects the company’s Communications Applications.

CVE-2023-34462 is an API bug that gives an attacker control over the bytecode produced by the library, and was first disclosed in July 2022.

The bug also affects PeopleSoft, Communications, Insurance Applications, Retail Applications, Utilities Applications, and Fusion Middleware.

Oracle Communications inherits a critical bug in OpenSSH, CVE-2023-38408, patched by the project in in September 2023; another in PHP patched in August, CVE-2023-3824; and CVE-2022-36944, a deserialisation bug in Scala.

Oracle Financial Services Applications gets fixes for three critical bugs: CVE-2023-22946 in Apache Spark (also fixed in Oracle Analytics), CVE-2022-1471 in SnakeYaml (also fixed in Retail Applications, Financial Services, and Banking), and CVE-2023-20873 in Spring Boot.

Among its eight fixes, the company’s Fusion middleware has three critical bugs in its core component: CVE-2023-22069, CVE-2023-22072, and CVE-2023-22089, all described as “easily exploited” vulnerabilities allowing an attacker to compromise the WebLogic server.

Oracle Analytics inherits two further bugs from the Apache project: CVE-2022-26612 in the Hadoop unTar function; and CVE-2022-33980 in the Apache Commons configuration utility.

Hyperion inherits yet another Apache bug: CVE-2023-25690, a web request smuggling vulnerability in the project’s HTTP server.

Finally, a Spring security bug, CVE-2023-34034, shows up in MySQL and Communications.

Oracle's critical patch update is here.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

NSW Police to embark on $126m IT overhaul

NSW Police to embark on $126m IT overhaul

CBA looks to GenAI to assist 1200 'security champions'

CBA looks to GenAI to assist 1200 'security champions'

Victoria's first government tech chief steps down

Victoria's first government tech chief steps down

WhatsApp banned on US House of Representatives devices

WhatsApp banned on US House of Representatives devices

Log In

  |  Forgot your password?