Oracle patches 104 vulns, still working on some Heartbleed fixes
Posted on 17 April 2014.
Oracle's April 2014 Critical Patch Update has been released, and solves a total of 104 vulnerabilities found across many of its products, including Oracle Database, Oracle Fusion Middleware, Oracle Hyperion, Oracle Supply Chain Product Suite, Oracle iLearning, Oracle PeopleSoft Enterprise, Oracle Siebel CRM, Oracle Java SE, Oracle and Sun Systems Products Suite, Oracle Linux and Virtualization, and Oracle MySQL.

The most important ones for regular users are the patches addressing 37 vulnerabilities in Java SE, as four received a CVSS Base Score of 10.0 (Highly Critical - remote code execution, easily exploitable).

"Due to the relative severity of a number of the vulnerabilities fixed in this Critical Patch Update, Oracle strongly recommends that customers apply it as soon as possible," the company advised.

If you are wondering if any of these patches address the Heartbleed bug (CVE-2014-0160), the answer is no.

Oracle has recently published a detailed document about which of its products are affected by the bug, and Java SE is not among them as it does not include OpenSSL.

Still, they warned that the "surrounding technical environment deployed around these products should be checked for the presence of other components, which may be affected by this vulnerability."

Oracle has already patched some of its products that were vulnerable because of the Hearbleed bug, and is working on fixing the rest (14 in all).









Spotlight

The role of the cloud in the modern security architecture

Posted on 31 July 2014.  |  Stephen Pao, General Manager, Security Business at Barracuda Networks, offers advice to CISOs concerned about moving the secure storage of their documents into the cloud and discusses how the cloud shaping the modern security architecture.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Aug 1st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //