Oracle issues 253 security fixes in monster October critical patch update
Oracle released a monster number of fixes Tuesday, delivering 253 security updates in its October “critical patch update.”
The patches cover 76 Oracle products, including databases, networking components, operating systems, application servers, Java, and enterprise resource planning systems. According to the advisory published by Oracle, 15 of the patches are critical, with some allowing complete system compromise of Oracle Big Data Discovery, Oracle Web Services, Oracle Commerce and WebLogic over HTTP.
A dozen patches for vulnerabilities were issued for the Oracle Database Server, 31 in the MySQL database, seven in Java SE, 13 in Oracle Linux and virtualization products, and 16 in the Sun Systems suite.
Of the seven patches for Java, there were two serious vulnerabilities patched, including one that allows an “unauthenticated attacker with network access via multiple protocols” to compromise Java SE and other software depending on it.
“Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products,” the company added. “Successful attacks of this vulnerability can result in takeover of Java SE.”
One of the patches for the Oracle Database Server was rated as critical, described as an “easily exploitable vulnerability” that would allow an attacker with a high level of privileges, holding the “create session” and “create procedure” privileges, with network access via multiple protocols to compromise the Oracle Java virtual machine.
Oracle MySQL has two serious flaws that may be remotely exploited without authentication.
Two bugs rated 9.8 on the Common Vulnerability Scoring System are present in Oracle’s Fusion Middleware, with one allowing an attacker to take over Oracle’s Big Data Discovery via HTTP, while the other, also described as “easily exploitable,” allows an attacker to gain access via the Oracle WebLogic Server.
“Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes,” the company warned. “In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively supported versions and apply Critical Patch Update fixes without delay.”
A full list of the patches can be found here.
Image credit: fun_flying/Flickr/CC by 2.0