Oracle patches 78 vulnerabilities
Posted on 18 January 2012.
Oracle publishes Critical Patch Updates (CPUs) on a quarterly schedule.


Oracle released its January edition with patches for a majority of its product line:
  • Oracle Solaris: eight vulnerabilities in Solaris itself, including CVE-2012-0094 with the highest CVSS score of 7.8 in the advisory, plus three issues in the Glassfish application server.
  • Weblogic Application Server: two vulnerabilities, neither one requiring authentication.
  • MySQL Server: a total of 27 vulnerabilities in versions 5.x, with one Remote Code Execution vulnerability (CVE-2011-2262).
  • Oracle Database Server: both version 10 and 11 are affected by two remote code execution vulnerabilities, one in the Listener (CVE-2012-0072) and the other one in the core RDBMS server (CVE-2012-0082).
  • Oracle Applications, such as Peoplesoft and JD Edwards, have a total of 14 vulnerabilities between them.
  • Oracle Virtualization software: three vulnerabilities, two in the Guest Additions and Shared Folders, which are widely used but only accessible locally.
Overall a large update for Oracle software users, but with plenty of mitigating factors. We recommend addressing vulnerabilities on systems that are Internet accessible first. Most likely this will mean fixing Weblogic/Apache and Solaris vulnerabilities first, followed by MySQL.

Oracle RDBMS can probably be addressed last, as these systems tend to be installed in internal networks or well firewalled if they are connected to the Internet at all. A good map of your network will help in determining where to start.

BTW, both Oracle Enterprise Linux and Oracle Java are not covered in the CPU process and receive updates on their own distinct schedules.


Author: Wolfgang Kandek, CTO, Qualys.




