Oracle patches 78 vulnerabilities
Posted on 18 January 2012.
Oracle publishes Critical Patch Updates (CPUs) on a quarterly schedule.


Oracle released its January edition with patches for a majority of its product line:
  • Oracle Solaris: eight vulnerabilities in Solaris itself, including CVE-2012-0094 with the highest CVSS score of 7.8 in the advisory, plus three issues in the GlassFish application server.
  • WebLogic Application Server: two vulnerabilities, neither one requiring authentication.
  • MySQL Server: a total of 27 vulnerabilities in versions 5.x, with one Remote Code Execution vulnerability (CVE-2011-2262).
  • Oracle Database Server: both versions 10 and 11 are affected by two remote code execution vulnerabilities, one in the Listener (CVE-2012-0072) and the other one in the core RDBMS server (CVE-2012-0082).
  • Oracle Applications, such as PeopleSoft and JD Edwards, have a total of 14 vulnerabilities between them.
  • Oracle Virtualization software: three vulnerabilities, two in the Guest Additions and Shared Folders, which are widely used but only accessible locally.
Overall, this is a large update for Oracle software users, but with plenty of mitigating factors. We recommend addressing vulnerabilities on systems that are Internet accessible first. Most likely this will mean fixing WebLogic/Apache and Solaris vulnerabilities first, followed by MySQL.

Oracle RDBMS can probably be addressed last, as these systems tend to be installed in internal networks or are well firewalled if they are connected to the Internet at all. A good map of your network will help in determining where to start.

BTW, both Oracle Enterprise Linux and Oracle Java are not covered in the CPU process and receive updates on their own distinct schedules.


Author: Wolfgang Kandek, CTO, Qualys.





COPYRIGHT 1998-2014 BY HELP NET SECURITY.