Oracle rolls out security fixes for 104 vulnerabilities


Oracle on Tuesday released the quarterly Critical Patch Update, along with security fixes to address the Heartbleed vulnerabilities in various products.

Last week, the company issued a list of products affected by the Heartbleed OpenSSL security flaw with the current status of the vulnerable versions.

With the latest update, Oracle patched a total of 104 vulnerabilities found across many of its products, including Oracle Database, Oracle iLearning, Oracle Java SE, Oracle Linux and Virtualisation, and Oracle MySQL.

“Due to the relative severity of a number of the vulnerabilities fixed in this Critical Patch Update, Oracle strongly recommends that customers apply it as soon as possible,” the company said.

The most important patches address 37 vulnerabilities in Java SE, four of which are said to be highly critical, with CVSS ratings of 10.0, and allow remote code execution if exploited. A Sun patch also addresses four flaws affecting the Solaris platform that are reported to be lower risk.

The Critical Patch Update also fixes 20 Fusion Middleware vulnerabilities with a CVSS Base Score of 7.5. All 20 vulnerabilities could be easily exploited using HTTP, and 13 of them do not require authentication.

The patch update also fixes 5 vulnerabilities in the Oracle Linux and Virtualization products. The most severe of these 5 vulnerabilities could reportedly affect certain versions of Oracle Global Secure Desktop.

Other fixes in the CPU include 14 vulnerabilities for MySQL Server, 2 of which are easy to exploit remotely, and 8 vulnerabilities affecting PeopleSoft Enterprise, with five remotely exploitable flaws.

Oracle Hyperion, Oracle Supply Chain Product Suite, Oracle Siebel CRM, and Oracle and Sun Systems Products Suite have also received updates for vulnerabilities.