X
Tech

Oracle issues critical patch update: 104 security fixes

In a massive critical patch update, Oracle has fixed 104 security flaws within its products. Unsurprisingly, Java is at the top of the list.
Written by Charlie Osborne, Contributing Writer
Screen Shot 2014-04-16 at 10.20.21

Oracle has released a swathe of security updates culminating in a massive 104 new security fixes for products including Java, Fusion Middleware, and MySQL.

The California-based firm's latest critical patch update (CPU) includes 37 Java SE vulnerabilities, four of which were deemed critical after receiving a CVSS Base Score of 10. Out of these security flaws, 29 affected client-only deployments, while six affected both client and server deployments of Java. One affects the Javadoc tool and one affects unpack200. CVE-2014-2398 can be exploited remotely and so updates should not be stalled in order to keep your system safe.

The CPU also provides 20 Fusion Middleware vulnerability fixes. The highest CVSS Base Score for these Fusion Middleware vulnerabilities is 7.5, which is fairly severe in Oracle's measurements. Each one can be exploited using HTTP, and 13 can be exploited remotely without authorization.

MySQL version 5.5 and 5.6 have received patch updates, and only one, CVE-2014-2431, is exploitable remotely. However, there are 14 security vulnerabilities in total for this software.

Two fixes were issued for Oracle's flagship software, the Oracle Database, and both security flaws would need credentials before systems could be exploited remotely.

Other product lines affected by the latest CPU include Hyperion, Supply Chain Product Suite, PeopleSoft Enterprise, Sun Systems Products Suite and Oracle Linux and Virtualization. Due to the severity of this update, it is recommended that you apply the patch immediately.

The next CPU date is 15 July this year.

The full list of affected software is below:

Screen Shot 2014-04-16 at 10.38.52
Screen Shot 2014-04-16 at 10.39.08
Editorial standards