Stories
Slash Boxes
Comments

SoylentNews is people

Oracle Ties Previous All-Time Patch High with January Updates

posted by Fnord666 on Wednesday January 15 2020, @10:00PM   Printer-friendly
from the patchy-Tuesday dept.

Arthur T Knackerbracket has found the following story:

Oracle has patched 334 vulnerabilities across all of its product families in its January 2020 quarterly Critical Patch Update (CPU). Out of these, 43 are critical/severe flaws carrying CVSS scores of 9.1 and above. The CPU ties for Oracle's previous all-time high for number of patches issued, in July 2019. This overtook its previous record of 308 in July 2017.

The company said in a pre-release announcement that some of the vulnerabilities affect multiple products.

"Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update patches as soon as possible," it added.

The updates include fixes for Oracle's most widely deployed products, including the Oracle Database Server (12 patches total, three remotely exploitable without authentication); Oracle Communications Applications (25 patches, 23 remotely exploitable without authentication, six critical); Oracle Enterprise Manager (50 patches, 10 remotely exploitable without authentication, four critical); Oracle Fusion Middleware (38 patches, 30 remotely exploitable without authentication, three critical); 19 new security patches for Oracle MySQL (19 patches, six remotely exploitable without authentication); and the Oracle E-Business Suite (23 patches, 21 remotely exploitable without authentication, two critical).

-- submitted from IRC

Original Submission

 
This discussion has been archived. No new comments can be posted.
Oracle Ties Previous All-Time Patch High with January Updates | Log In/Create an Account | Top | 9 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 3, Insightful) by ilsa on Thursday January 16 2020, @12:00AM (2 children)

    by ilsa (6082) Subscriber Badge on Thursday January 16 2020, @12:00AM (#943833)

    I'm very curious to know how many customers they even still have. I haven't heard of anyone moving TO Oracle in years, and I've heard of plenty that were moving away as quick as their contracts would let them.

    I'm guessing the only ones left are companies who are so deeply invested that it would cost them more to move than to pay Oracle's outrageous licensing fees.

    Starting Score:    1  point
    Moderation   +1  
       Insightful=1, Total=1
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   3  

  • (Score: 3, Interesting) by edIII on Thursday January 16 2020, @12:58AM (1 child)

    by edIII (791) on Thursday January 16 2020, @12:58AM (#943842)

    Check the products though. There at least three in there that are, more or less, open source. MySQL, Java SE, and VirtualBox. I use PostgreSQL and OpenJDK, but the version of VirtualBox I'm running right now is vulnerable somehow.

    Depending on server version, this may impact quite a large number of installations of MySQL and Java SE.

    --
    Technically, lunchtime is at any moment. It's just a wave function.

    • (Score: 0) by Anonymous Coward on Thursday January 16 2020, @06:55PM

      by Anonymous Coward on Thursday January 16 2020, @06:55PM (#944154)

      anyone who is not using MariaDB instead is an asshat.