Number: IRCNE2015102664
Date: 2015/10/24
According to ZDNet, Oracle's October critical patch update includes security updates and patches for 154 vulnerabilities, including a flaw which allows an attacker full control over a vulnerable system.
The California-based company's October 2015 Critical Patch Update includes 154 fixes which patch holes in a wide range of products, including Oracle Database, Fusion Middleware, Hyperion, Enterprise Manager, Oracle Linux & Virtualization, Java and MySQL.
In total, 8 fixes have been issued for Oracle Database, and the most severe vulnerability allowed attackers to remotely exploit a system without authentication, potentially resulting in the total loss of system control by the user.
The vulnerability, CVE-2015-4863, has been given a CVSS Base Score of 10.0. In addition, three other database vulnerabilities were given a CVSS Base Score of 9.0.
Another security flaw at the top of the severity list impacts the Oracle Sun Systems Products Suite. CVE-2015-4915, which has been awarded a CVSS Base Score of 10.0, is a vulnerability related to the Integrated Lights Out Manager (ILOM) -- which, unfortunately, is used across a wide range of products.
Oracle has also provided 23 security fixes for Oracle Fusion Middleware, 16 of which are remote exploit flaws, one low-severity fix for Hyperion and five fixes for Oracle's Enterprise Manager Grid Control software.
Oracle has patched up 25 vulnerabilities, 24 of which allow for remote execution -- and the highest risk score awarded to one of these flaws is 10.0.
In total, 20 of the vulnerabilities are browser-based, while the remaining five affect client and server deployments.