Oracle's 155 bug fixes add to mega Patch Tuesday

Oracle has a large number of fixes lined up for Tuesday, including 25 for Java SE, while Microsoft and Adobe have patches due then too.
Written by Liam Tung, Contributing Writer

This Tuesday Oracle will release fixes for 155 vulnerabilities affecting 44 products, with the most serious bugs to be fixed being 25 that affect Java SE.

Oracle has a larger-than-usual lineup of fixes in its quarterly critical patch update, set for release on Tuesday alongside Microsoft's Patch Tuesday and Adobe's fixes for Flash.

Topping the two previous quarters' updates, Oracle's October update includes 155 fixes for multiple versions of 44 different products, including fixes for flaws that can be remotely exploited over a network without requiring user credentials.

Oracle will release 25 security fixes for Java SE, which include 22 vulnerabilities that "may be remotely exploitable without authentication."

Oracle says that components affected in this month's update include Java SE, Java SE embedded, JavaFX and JRockit. The highest CVSS Base Score severity rating among the Java fixes is 10 — the highest possible.

Different versions of Oracle Database Server products will also get a number of important fixes, with 32 lined up for Tuesday and at least one attracting a CVSS Base Score of 9.0. According to Oracle, one of the 32 fixes is for a flaw that "may be remotely exploitable without authentication", while four fixes are applicable to client-only installations.

Of the 17 fixes on the way for Oracle Fusion Middleware products, 13 may also be remotely exploited without authentication; however, the highest CVSS Base Score for the fixes is 7.5.

Meanwhile, four fixes for Oracle Retail Applications, which are all remotely exploitable without authentication, have been given the same severity rating. Oracle Sun Systems Product Suite will also receive 15 fixes, of which six are remotely exploitable. The highest severity rating for this product is 7.8. Finally, Oracle MySQL has 24 fixes due, at least one of which has a severity rating of 8.0 and nine of which can be remotely exploited without authentication.

Tuesday's update includes more than the above-mentioned fixes, but the rest are for flaws given a CVSS Base Score of no more than 5.0.

All of this will add to the fun on Tuesday, with Microsoft due to issue updates that include three critical ones addressing problems in Internet Explorer and all versions of Windows. Adobe is also expected to release its monthly security fixes for Flash on Tuesday.
