Oracle patches 78 vulnerabilities
Posted on 18 January 2012.
Oracle publishes Critical Patch Updates (CPUs) on a quarterly schedule.


Oracle released its January edition with patches for a majority of their product line:
  • Oracle Solaris: eight vulnerabilities in Solaris itself, including CVE-2012-0094 with the highest CVSS score of 7.8 in the advisory, plus three issues in the Glassfish application server.
  • Weblogic Application Server: two vulnerabilities, neither one requiring authentication MySQL Server: a total of 27 vulnerabilities in versions 5.x, with one Remote Code Execution vulnerability (CVE-2011-2262).
  • Oracle Database Server: both version 10 and 11 are affected by two remote code execution vulnerabilities, one in the Listener (CVE-2012-0072) and the other one in the core RDBMS server (CVE-2012-0082).
  • Oracle Applications, such as Peoplesoft and JD Edwards have a total of 14 vulnerabilities between themselves
  • Oracle Virtualization software: three vulnerabilities, two in the Guest Additions and Shared Folders, which are widely used but only accessible locally.
Overall a large update for Oracle software users, but with plenty of mitigating factors. We recommend addressing vulnerabilities on systems that are Internet accessible first. Most likely this will mean fixing Weblogic/Apache and Solaris vulnerabilities first, followed by MySQL.

Oracle RDMBS can probably be addressed last as these systems tend to be installed in internal networks or well firewalled if they are connected to the Internet at all. A good map of your network will help in determining where to start.

BTW, both Oracle Enterprise Linux and Oracle Java are not covered in the CPU process and receive updates on their own distinct schedules.


Author: Wolfgang Kandek, CTO, Qualys.





Spotlight

New Zeus variant targets users of 150 banks

Posted on 19 December 2014.  |  A new variant of the infamous Zeus banking and information-stealing Trojan has been created to target the users of over 150 different banks and 20 payment systems in 15 countries, including the UK, the US, Russia, Spain and Japan.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Mon, Dec 22nd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //