Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 18 submissions in the queue.

Oracle Ties Previous All-Time Patch High with January Updates

posted by Fnord666 on Wednesday January 15 2020, @10:00PM   Printer-friendly
from the patchy-Tuesday dept.

Arthur T Knackerbracket has found the following story:

Oracle has patched 334 vulnerabilities across all of its product families in its January 2020 quarterly Critical Patch Update (CPU). Out of these, 43 are critical/severe flaws carrying CVSS scores of 9.1 and above. The CPU ties for Oracle's previous all-time high for number of patches issued, in July 2019. This overtook its previous record of 308 in July 2017.

The company said in a pre-release announcement that some of the vulnerabilities affect multiple products.

"Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update patches as soon as possible," it added.

The updates include fixes for Oracle's most widely deployed products, including the Oracle Database Server (12 patches total, three remotely exploitable without authentication); Oracle Communications Applications (25 patches, 23 remotely exploitable without authentication, six critical); Oracle Enterprise Manager (50 patches, 10 remotely exploitable without authentication, four critical); Oracle Fusion Middleware (38 patches, 30 remotely exploitable without authentication, three critical); 19 new security patches for Oracle MySQL (19 patches, six remotely exploitable without authentication); and the Oracle E-Business Suite (23 patches, 21 remotely exploitable without authentication, two critical).

-- submitted from IRC

Original Submission

 
This discussion has been archived. No new comments can be posted.
Oracle Ties Previous All-Time Patch High with January Updates | Log In/Create an Account | Top | 9 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 4, Insightful) by Barenflimski on Wednesday January 15 2020, @11:13PM (1 child)

    by Barenflimski (6836) on Wednesday January 15 2020, @11:13PM (#943824)

    What happened over at Oracle? Did they simply not pay any attention to security until last quarter? Did they install a new security team that knew what they were doing?

    Somewhere in their development life-cycle it seems that they need to have some sort of QA. Then again when I need a patch, it doesn't matter how secure it is as long as things start to work on day 1. Sounds to me like their code is fumbled together with a secondary review of their code coming later in the process. If this is true, I can only imagine there are oodles of systemic issues that will never be ferreted out of the system without doing a complete rewrite.

    Starting Score:    1  point
    Moderation   +2  
       Insightful=2, Total=2
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   4  

  • (Score: 3, Interesting) by darkfeline on Thursday January 16 2020, @04:14AM

    by darkfeline (1030) on Thursday January 16 2020, @04:14AM (#943894) Homepage

    Or more likely, they have incompetent teams fixing the security issues on legacy code bases, such that each fix introduces at least one new issue.

    --
    Join the SDF Public Access UNIX System today!