Number: IRCNE2015012406
Date: 2015/01/25
According to “zdnet”, Oracle's quarterly critical patch update includes security updates and patches for 169 problems affecting products including Java, Fusion Middleware, Enterprise Manager and MySQL.
The California-based company's January 2015 Critical Patch Update includes 8 vulnerability fixes for Oracle Database, including one severe issue given a CVSS Base Score of 9, as it allows a full compromise of the targeted server.
In total, 36 new fixes have been issued for Oracle Fusion Middleware products, and the most severe received a rating of 9.3. Two of the Oracle Fusion Middleware vulnerabilities fixed in this Critical Patch Update can result in a server takeover.
10 new fixes have been included for Oracle E-Business Suite, 6 for Oracle Supply Chain Suite, 7 for Oracle PeopleSoft Enterprise, one for Oracle JD Edwards EnterpriseOne, 17 for Oracle Siebel CRM, and 2 for Oracle iLearning.
Out of 19 vulnerabilities, 15 affect client-only installations, 2 affect client and server installations, and 2 affect JSSE installations. However, considering how many critical updates in the past have predominantly focused on Java, this security fix rate is relatively low.
The executive also noted that threats associated with this update range from reading and writing local data to complete "operating system takeover including arbitrary code execution." Naturally, complete system takeovers are the most severe threats, as this places a user's sensitive data at risk and allows an attacker to install malware, steal an identity or use a compromised system to infect others.