Not logged in » Login
Jan 19 2017

Oracle Patch Day Fixes 270 Vulnerabilities

Installing the quarterly Oracle Critical Patch Updates is rarely a lot of fun, but the collection available in Round 1, 2017 might cause irritation due to the sheer number of amendments.

As per usual, the latest Critical Patch Update includes security fixes for nearly all Oracle software products. The related advisory lists a total of 270 vulnerabilities that call for sometimes urgent repair measures, with 10% of these pertaining to MySQL and another 6% pertaining to Java installations. Other affected products include Oracle server software (GlassFish, WebLogic); Fusion middleware; various E-Business Suite editions; VirtualBox; HR applications acquired during mergers with JD Edwards, PeopleSoft and Siebel; and the Solaris operating system. The severity of each bug is rated using the Common Vulnerability Scoring Standard (CVSS); according to German IT news service heise online, a large number belong to the so-called critical categories that score a 9 or 10.

The advisory also points out once again that Critical Patch Updates from Oracle "are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory." The company therefore recommends that admins check out older advisories for information regarding prior security fixes that may or may not serve as a basis for the ones on the January list.

Detailed information is available via the My Oracle Support Note 2220314.1 (MOS account required).


Comments on this article

No comments yet.

Please Login to leave a comment.


Please login

Please log in with your Fujitsu Partner Account.


» Forgot password

Register now

If you do not have a Fujitsu Partner Account, please register for a new account.

» Register now