Oracle has released a Critical Patch Update to fix 136 vulnerabilities in its 49 products, which includes Java SE and MySQL, the company’s Database Server and E-Business Suite, its Fusion Middleware, and its Sun Systems Products Suite.
Oracle Released A Major Update To Fix 136 Vulnerabilities
On Tuesday, April 19, Oracle introduced a routine security update that addresses a total number of 136 vulnerabilities in their products. According to a statement, the corrections were applied in 49 of the company ‘s products, including the Oracle Database, Fusion Middleware, Peoplesoft, E-Business Suite, MySQL, Java , and a number of other products. The patch is the company’s first to use the Common Vulnerability Scoring Standard (CVSS) 3.0 instead of the old CVSS 2.0 system.
By using the new version of CVSS, the US can identify the severity of some threats and it should be prioritized. The update includes patches that eliminate 31 vulnerabilities in MySQL (4 errors with the possibility of remote operation without an authentication), 5 problems in Oracle Database (2 of them with the possibility of remote operation without authentication), 22 errors in the Oracle Fusion Middleware (21 of them can be remotely operatable without an authentication), 18 vulnerabilities in Oracle Sun solutions, including CVE-2011-4461, dated the year 2011 (12 errors with remote operation).
The company says it continues to receive regular reports of attempts to exploit malicious vulnerabilities in its products that have already released patches. “In some cases, it was reported that the attackers were successful because they target the customers who failed to apply patches available from Oracle.” Thus, the company strongly recommends that customers remain in supported versions actively and apply the Critical Patch Update fixes without delay.
In the new release of Java SE eliminated 9 security problems which all can be operatable remotely without authentication. Three errors assigned severity level of 9.6 magnitude on the CVSS scale. 6 issues appear only on client systems (running in the browser Java Web Start and Java applets), and 3 errors affect both clients and Java server-side configuration.
Oracle strongly recommends that as soon as possible to install security the patches.