ID: IRCNE2013101987
Date: 2013-10-19
According to “ZDNet”, Oracle's Critical Patch Update (CPU) in the quarterly cycle has been released, and includes a mammoth 127 security fixes -- including 51 for Java.
This is the first time that Java is being patched with other Oracle products -- including the E-Business Suite, MySQL and the Primavera Products Suite. Previously, Java was updated every four months.
The October CPU release includes fixes for a variety of software applications -- basically all of them in enterprise server-related product families:
- Oracle Database
- Oracle Fusion Middleware
- Oracle Enterprise Manager
- Oracle Applications - E-Business Suite
- Oracle Applications - Oracle Supply Chain, PeopleSoft Enterprise, Siebel and iLearning Products Suite
- Oracle FLEXCUBE Products Suite
- Oracle Health Sciences Products Suite
- Oracle Retail Products Suite
- Oracle Primavera Products Suite
- Oracle Java
- Oracle MySQL
Arguably, the most important vulnerability fixes within this update is Java, considering the vast number of consumers who use the software worldwide. Out of the 51 fixes on offer, 50 are related to Java Applets and Java WebStart, which are used when you run the applications in your web browser. Many security experts argue that while Java is a useful application, it should be disabled in your browser, where it represents a constant security risk.
Worryingly, 12 of the vulnerabilities being patched in this update have the most urgent, critical CVSSv2 score of 10, which indicates that these flaws can be exploited so others can gain access over a network without authentication, as warned by CTO of cloud security firm Qualys Wolfgang Kandek.
While some versions of Java update themselves, others do not, so it is worthwhile checking to see what version your operating system runs. Despite the confusion, Oracle "strongly recommends that customers apply CPU fixes as soon as possible."
The next CPU update is scheduled for 14 January, 2014.
- 2