Oracle preps critical security update

By on
Oracle preps critical security update

All Java vulnerabilities remotely exploitable.

Oracle has prepared another bulky security update for July which contains 113 new fixes the company is urging its customers to apply as soon as possible to prevent attacks on their systems.

Several hundreds of Oracle products will need to be updated when the patch bundle is released tomorrow, Australian time.

Among these are the company's Database 11g release 1 and 2, and 12c release 1; Fusion Middleware 11gR1 and 12cR1; the Glassfish Communications Server version 2.0; Agile Product Collaboration; the Solaris operating system versions 8 to 11.1 and the MySQL Server 5.5 and 5.6.

PeopleSoft Enterprise products as well as Oracle Siebel applications are also covered by the critical patch update (CPU).

Oracle's Java Standard Edition platform versions 5.0 update 65, 6u75, 7u70 and the latest 8u5 will also need to be patched, along with JRockit.

Java continues to be a problem area for Oracle, and in the July CPU (critical patch update) boasts the dubious honour of having the Common Vulnerability Scoring System (CVSS) base score of 10 - the highest and most serious rating.

Some 20 new security fixes are available for Java, plugging vulnerabilities that can all be remotely exploited without the need for username/password authentication, the company has advised.

While this is fewer than the last CPU in April this year, which contained 37 vulnerability fixes for Java, fewer of those scored a CVSS of 10 or were remotely exploitable.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © . All rights reserved.

Most Read Articles

Log In

  |  Forgot your password?