Jul 18 2018

Alert: Oracle Drops Monumental Patch Update

Once per quarter, there's an event that administrators tasked with managing Oracle software do not look forward to, and that's the day when the company's so-called Critical Patch Update is released. The reason for such nervousness is easy to detect: Because of their specific release cycle, these updates typically address hundreds of vulnerabilities at once – a situation that's usually exacerbated by the fact that these flaws are dispersed across dozens of software products. However, even by Oracle's standards this month's package of 334 security fixes is likely a record breaker.

That's according to a report from our colleagues over at Threatpost, which also states that nearly one fifth of these gaps – 61 in total – were of the highest severity, with ratings between 9 and 10 points on the Common Vulnerability Scoring System (CVSS) that indicate a need for immediate fixing. The list of affected products and versions ranges from Agile Recipe Management for Pharmaceuticals, v 9.3.4, to Tape Library ACSLS, software that supports automated cartridge management. Moreover, it also reflects more than a decade of Oracle's massive acquisition history, with products like Java SE, JD Edwards EnterpriseOne Tools, MySQL Server, PeopleSoft HRMS, Solaris etc. all added neatly to the mix alongside 'original' Oracle products such as Database Server, E-Business Suite or Fusion Middleware. Also according to the Threatpost report, the largest chunk of patches (56) fixes holes in the company's financial service applications.

Since the list is so exceptionally long, it makes little to no sense to pick a most dangerous or most likely-to-be-exploited kind of flaw, like we sometimes do on or around Microsoft's patch days. To determine whether or not you and/or your customers are working with affected software, please check out Oracle's own advisory; here, you will not only find the full list of products, but also a breakdown of severity scores and the potential likelihood of attacks, plus links to corresponding patch availability documents.

