Yo, sysadmins! Thought Patch Tuesday was big? Oracle says 'hold my Java' with huge 334 security flaw fix bundle

www.theregister.co.uk | 1/15/2020 | Staff
jolanjolan (Posted by) Level 3
Click For Photo: https://regmedia.co.uk/2017/10/02/oracle_openworld.jpg

Oracle has released a sweeping set of security patches across the breadth of its software line.

The January update, delivered one day after Microsoft, Intel, Adobe, and others dropped their scheduled monthly patches, addresses a total of 334 security vulnerabilities across 93 different products from the enterprise giant.

IT - Handful - Updates - Platforms

As you may imagine, most IT admins will only need to test and apply a handful of the updates for their specific platforms.

For Oracle's flagship Database Server, the update includes an even dozen patches. Three of those are remotely exploitable without authorization, including one flaw in Apache Tomcat (CVE-2019-10072), one in Big Red's database gateway (CVE-2020-2512), and one for the Core RDBMS product (CVE-2020-2510). The highest CVSS rating was afforded to CVE-2020-2511, a locally-exploitable flaw in Core RDBMS, which scored at 7.7.

Severity - Flaws - Oracle - Communications - Apps

Some of the highest severity flaws were found in Oracle's communications apps, where 23 of the 25 CVE-listed bugs were said to be remotely exploitable without the need for any authentication. Six of those were given CVSS scores of 9...
(Excerpt) Read more at: www.theregister.co.uk
Wake Up To Breaking News!
Sign In or Register to comment.

Welcome to Long Room!

Where The World Finds Its News!