Number: IRCNE2015072571
Date: 2015/07/18
According to “zdnet”, Oracle's July critical patch update includes security updates and patches for 193 vulnerabilities including remote exploits and authentication issues.
The California-based company's July 2015 Critical Patch Update includes 193 fixes, 44 of which are for third-party components included Oracle product such as Qemu and Glibc.
In total, 10 fixes have been issued for Oracle Database, and two of the vulnerabilities fixed allow for remote exploitation without authentication. The vulnerability, CVE-2015-2629, has been given a CVSS Base Score of 9.0 for the Windows platform and 7.5 for Linux and Unix platforms.
In addition, Oracle Fusion Middleware received 39 new security fixes, 36 of which are for vulnerabilities which are also remote exploits without authentication. The highest CVSS Base Score for these Fusion Middleware vulnerabilities is 7.5.
A number of patches are destined for various Oracle applications. Oracle E-Business Suite gets 13 fixes, Oracle Supply Chain Suite receives 7, PeopleSoft Enterprise gets 8, and Siebel gets 5 fixes. In addition, two fixes have been issued for the Oracle Commerce Platform.
This CPU also addresses 25 vulnerabilities in Oracle Berkeley DB -- with the highest CVSS Base score reported for these vulnerabilities as 6.9 -- and two security flaws within Oracle Communications Applications.
The recently announced zero-day vulnerability CVE-2015-2590 has also been resolved. The zero-day has been detected as being actively exploited in the wild and exploits via drive-by downloads, and is thought to affect the latest version of Java, version 1.8.0.45 but not older versions.
- 8