SoylentNews is people

posted by Fnord666 on Thursday April 16 2020, @10:05AM
from the patching-time dept.

Oracle's April 2020 Critical Patch Update Brings 397 Security Fixes

Oracle this week released its April 2020 collection of security patches, which includes a total of 397 fixes for vulnerabilities affecting two dozen products.

The software giant also revealed that 264 of the addressed vulnerabilities could be exploited remotely without authentication.

Roughly 60 of the newly addressed vulnerabilities are considered critical severity, with more than 55 of them featuring a CVSS score of 9.8. Around 90 vulnerabilities have a CVSS score of 8.0 or higher.

Oracle Tackles a Massive 405 Bugs for Its April Quarterly Patch Update

Oracle admins are staring down the barrel of a massive quarterly Critical Patch Update that includes 405 patches.

Business software giant Oracle Corp. revealed 286 of those vulnerabilities are remotely exploitable across nearly two dozen product lines.

Impacted with multiple critical flaws, rated 9.8 CVSS in severity, are 13 key Oracle products including Oracle Financial Services Applications, Oracle MySQL, Oracle Retail Applications and Oracle Support Tools, according to the company's April Critical Patch Update Pre-Release Announcement, posted Monday.

Each of the bugs will be addressed with mitigation advice or patches by Oracle on Tuesday, coinciding with Microsoft's April Patch Tuesday release of fixes. That will keep system and network admins taxed with a flood of critical vulnerabilities to contend with.

Oracle's Fusion Middleware alone is reporting 49 "vulnerabilities [that] may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials," according to the bulletin.

Oracle said in total, its Fusion Middleware family of software has 56 new security patches affecting nearly 20 related services, including Identity Manager Connector (v. 9.0), Big Data Discovery (v. 1.6) and WebCenter Portal (v. 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0).

The mammoth update also includes medium-severity flaws for its Java Platform, Standard Edition (Java SE), used for developing and deploying Java applications. Fifteen bugs, with a CVSS rating of 8.5, are remotely exploitable by an unauthenticated attacker over a network – no user credentials required.

Details of the Java SE bugs, along with technical insights and mitigation guidance for all 405 flaws, will be available Tuesday.


  • (Score: 0) by Anonymous Coward on Thursday April 16 2020, @04:53PM (#983672)

    there exists the notion that a computer CPU is like a car engine: the oil, or the software in the computer's case, makes a difference.
    your "ones" and "zeros" run more "polished" with [insert proprietary walled garden $oftware] here ...