Oracle released a new set of patches

Oracle has released a new set of patches. The new round of updates for Oracle products contains 219 patches, many of which close several vulnerabilities at once.

At the same time, some bugs affect several products. One example is the RCE vulnerability CVE-2019-14379 in the FasterXML jackson-databind software package, which converts JSON content into Java objects and vice versa. This library is used by Oracle web applications for finance, construction and retail; they all received the appropriate patch.

“A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update advisory. This Critical Patch Update contains 219 new security patches across different product families,” Oracle developers report.

More than half of the vulnerabilities closed by the vendor can be exploited remotely and without authorization in the system. Of these, 14 were rated as critical: they received at least 9 points on the CVSS scale. The most dangerous is CVE-2018-14721, a server-side request forgery (SSRF) vulnerability found in the NoSQL DBMS.

The severity of that vulnerability is rated at 10 points out of a possible 10. In addition to it, Oracle patched a dozen more bugs affecting its database server software; eight of them are tied to a relational DBMS.

Products of the Fusion Middleware family received the largest number of patches: 37. Among them, 32 vulnerabilities were fully eliminated (in addition to those contained in the Oracle Database). Eight of them were identified in various components of WebLogic Server.

34 patches were released for the MySQL database management system, and 20 for the Java SE platform. The popular E-Business Suite set of business applications, the PeopleSoft enterprise management system, Oracle VM VirtualBox and Solaris OS were also patched.

“Oracle continues to receive periodic reports of malicious exploitation attempts for which patches have already been released. Some attempts were successful, as the attacked user did not bother to apply the finished patch. In this regard, Oracle strongly recommends using only versions with active support and installing quarterly patches without delay,” the company said in its newsletter.

According to Oracle’s schedule, the developers will put together the next set of patches by January 14th.

William Reddy
