Oracle’s patch update includes 98 security fixes

The Critical Patch Update released by Oracle on Tuesday includes 98 security fixes for a wide range of product families.

The update contains 14 security fixes for vulnerabilities in Oracle Java SE, three of which have a CVSS Base Score of 10.0 and all of which are remotely exploitable without authentication, according to an advisory posted on Tuesday.

Included in this set of patches is the final release of public updates for Java 7.

“For Java 7-based applications, this is the last security update that will be publicly available – the proverbial ‘end of the road’ for Java 7 application security,” John Holt, CTO with Waratek, said in a statement emailed to SCMagazine.com. “After today, the only version of the Java Platform which will receive public security updates is Java 8.”

Of the 17 vulnerabilities addressed in Oracle Fusion Middleware, 12 are remotely exploitable without authentication and one of the flaws has a CVSS Base Score of 10.0, the advisory indicates. In Oracle Sun Systems Product Suite, eight vulnerabilities were addressed, with four being remotely exploitable without authentication and one having a CVSS Base Score of 10.0.

The update for MySQL includes fixes for 26 vulnerabilities, four of which are remotely exploitable without authentication, and one of which has a CVSS Base Score of 10.0, according to the advisory.

None of the remaining fixes are for vulnerabilities with a CVSS Base Score of 10.0.

One of the two vulnerabilities addressed in Oracle Hyperion is remotely exploitable without authentication, and the same goes for three of the four bugs addressed in Oracle E-Business Suite, two of the seven flaws addressed in Oracle Supply Chain Products Suite, and one of the six vulnerabilities addressed in Oracle PeopleSoft Products.

The two vulnerabilities addressed in Oracle Commerce Platform and the two vulnerabilities addressed in Oracle Retail Applications are remotely exploitable without authentication, as is the one vulnerability addressed in Oracle Enterprise Manager Grid Control, the one flaw addressed in Oracle Siebel CRM and the one bug addressed in Oracle RightNow Service Cloud.

None of the four vulnerabilities addressed in Oracle Database – one of which has a CVSS Base Score of 9.0 – are remotely exploitable without authentication, nor is the one vulnerability addressed in Oracle JD Edwards Products, the one bug addressed in Oracle Health Sciences Applications, or the one flaw addressed in Oracle Support Tools.
