Oracle releases 113 bug fixes in Critical Patch Update

The most critical flaws were in Java and Oracle Database Server.

In its quarterly security update, Oracle has released 113 patches for vulnerabilities across hundreds of its products.

On Tuesday, the company published an advisory for its July Critical Patch Update (CPU), detailing software with the most severe rankings according to its Common Vulnerability Scoring System (CVSS). Oracle's popular browser plug-in Java received 20 patches, all for vulnerabilities that could be remotely exploited by an attacker without a username and password.

One or more of the Java bugs received a CVSS base score of 10, the most critical ranking. Among the numerous Oracle products and software components addressed in the update – including Oracle Fusion Middleware, Oracle MySQL Server, Oracle Database 11 and 12, and Oracle E-Business Suite – Java was the only one impacted by security issues scoring a 10.

Still, vulnerabilities in Oracle Database Server, which impacted the product's network layer, relational database management system (RDBMS) core, and XML parser components, received a CVSS base score of 9, the company revealed. The quarterly update contained only five patches for bugs in Oracle Database Server.

In prepared emailed comments on the July CPU, Ross Barrett, senior manager of security engineering at Rapid7, told SCMagazine.com that the Oracle Database issues would take priority for enterprise database administrators, while fixes for Java would be the top patching concern for “almost all home and enterprise end-users.”

“Recent improvements to the control of when the browser may run Java plug-ins have somewhat mitigated the risk for those users who have been keeping their JRE up to date and actually pay attention to the warnings and controls,” Barrett wrote. “That said, this is still going to be a major risk and we will have to monitor for co-publication of exploit code from various disclosure systems.”
