ID: IRCNE2013041818
Date: 2013-04-17
According to “CNet”, Oracle yesterday released 128 fixes for security vulnerabilities that affect "hundreds" of its products.
The software giant and Java maker said in a pre-release announcement that four of the patches fix vulnerabilities in Oracle's flagship database product that can be exploited remotely without the need for a username or password.
Also, 29 security fixes arrived for Oracle Fusion Middleware, 22 of which address vulnerabilities that can be exploited without authentication.
Affected components include Oracle HTTP Server, JRockit, WebCenter, and WebLogic.
Both Oracle products have a Common Vulnerability Scoring System (CVSS) rating of 10, described as the most severe vulnerability rating.
Oracle E-Business Suite contains six security fixes, Oracle Supply Chain Products Suite has three security fixes, and Oracle PeopleSoft Products contains 11 security fixes.
Dozens more fixes for various Sun-branded products and Oracle financial software arrived later yesterday when Oracle released the patches over the usual update channels.
The "critical" patch update contains more security fixes than the release in January, which contained 86 fixes. The high-impact nature of these updates means that the affected Oracle products must be patched "as soon as possible," as a result of the "threat posed by a successful attack."
The Java Web plug-in, developed by Oracle, also received a number of updates, including 42 security patches.
Out of that total, only three vulnerabilities are not remotely exploitable; for the rest, the software can be attacked over a network without the need for a username or password.
Affected Java software includes Java 5 (Update 41) and earlier, Java 6 (Update 43) and earlier, and Java 7 (Update 17) and earlier. JavaFX 2.2.7 and earlier versions are also affected.