100+ Security Fixes Announced for the Oracle Critical Patch Update


Littlebits

Retired Staff
Thread author
May 3, 2011
3,893
- Windows XP users also receive the Java updates
On Tuesday, July 15, Oracle will push the quarterly critical patch update, which addresses a hefty set of 113 vulnerabilities in multiple products from the company.

More than half of the fixes (70) aim to eliminate remotely exploitable risks that could be leveraged by an attacker without the need of authentication for the following products:

- Oracle Database Server (1)
- Oracle Fusion Middleware (27)
- Oracle Hyperion (2)
- Oracle E-Business Suite (2)
- Oracle Supply Chain Products Suite (1)
- Oracle PeopleSoft Products (1)
- Oracle Siebel CRM (4)
- Oracle Communications Applications (1)
- Oracle Retail Applications (3)
- Oracle Java SE (20)
- Oracle Virtualization (8)

Other vulnerabilities, affecting Oracle MySQL, Oracle and Sun Systems Products Suite and Oracle Enterprise Manager Grid Control, are to be delivered tomorrow, but these cannot be exploited without a username and password.

Notable is the fact that users running Windows XP will also receive security updates for Java 7, despite the operating system becoming obsolete in April this year. However, users will no longer receive official support from Oracle.

Henrik Stahl of Oracle made this issue clear in a blog post last week, saying that the company announcement that official support for Windows XP had been interrupted was misinterpreted.

By removing official support for the obsolete platform, the company is no longer required (and may not be able) to issue a patch or a workaround for an issue encountered by a customer on Windows XP, and they will have to reproduce it on a newer platform, starting with Windows Vista.

Java 8 does not include support for XP, and Oracle knows that there are problems with the installer. Nevertheless, Stahl says that the company is “looking at possible ways to address this issue but may decide not to - if you are on Windows XP it’s not clear that it’s worth updating to Java 8 without also updating the OS.”

The vulnerabilities listed in the pre-release announcement for this quarterly patch update are not necessarily identical to the ones actually delivered by the developer. Inconsistencies may occur due to changes caused by new information.

The total number of products that are targeted with this set of fixes amounts to hundreds, since many of the listed entries are actually suites containing multiple applications.

Oracle strongly recommends that customers apply these updates due to the serious risks that a successful attack may pose.

Based on this pre-release announcement, customers can prepare their machines in advance for receiving the updates in order to avoid unnecessary trouble. The previous quarterly update was released in April and contained a total of 104 fixes.

Source
 