Oracle fixes many vulnerabilities in dozens of products

Summary:Today's quarterly update affects over 100 versions of 44 products including the Oracle database, Java and PeopleSoft Enterprise.

Oracle has released a large set of security updates to multiple versions of 44 different products. The updates address a total of 113 vulnerabilities in over 100 versions of its products.

Among the major products patched are Oracle Database Server (five vulnerabilities), Oracle Fusion Middleware (29), Oracle Hyperion (seven), Oracle E-Business Suite (five), Oracle PeopleSoft (five), Oracle Siebel CRM (six), Oracle MySQL Executive (ten), Oracle Solaris (four) and, of course, Oracle Java (20). Many of the vulnerabilities are severe and can result in remote compromise of the system. Many affect multiple products.

Oracle recommends that customers apply all the updates as soon as possible.

The largest set of vulnerability fixes is for Oracle Fusion Middleware. Of the 29 vulnerabilities fixed, 27 may be remotely exploitable without authentication, i.e. they may be exploited over a network without the need for a username and password.

Other products with large numbers of anonymous remote vulnerabilities are Java (all 20), Oracle Siebel CRM (four) and Oracle Virtualization products, which consists of Oracle Secure Global Desktop (SGD), Sun Ray and Oracle VM VirtualBox (eight).

Comparatively few of the vulnerabilities have CVSS Base Scores (a measure of severity ranging from 0 to 10.0) above 7.5. Java has eight such vulnerabilities and Oracle Database just two.

The update is a regularly-scheduled quarterly update for Oracle. As we had already reported, Oracle has announced that there will be  no more support for Java on Windows XP .

Topics: Security, Oracle

About

Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of sec... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.