On Tuesday, April 19, Oracle introduced a routine security update that addresses 136 vulnerabilities in their products.
According to a statement, the corrections were applied in 49 of the company’s products, including the Oracle Database, Fusion Middleware, Peoplesoft, E-Business Suite, MySQL, Java, and several other products. The patch is the company’s first to use the Common Vulnerability Scoring Standard (CVSS) 3.0 instead of the old CVSS 2.0 system.
Oracle Released A Major Update To Fix 136 Vulnerabilities
Using the new version of CVSS, the US can identify the severity of some threats, which should be prioritized. The update includes patches that eliminate 31 vulnerabilities in MySQL (4 errors with the possibility of remote operation without an authentication), 5 problems in Oracle Database (2 of them with the possibility of remote operation without authentication), 22 errors in the Oracle Fusion Middleware (21 of them can be remotely operatable without an authentication), 18 vulnerabilities in Oracle Sun solutions, including CVE-2011-4461, dated the year 2011 (12 errors with remote operation).
The company says it continues to receive regular reports of attempts to exploit malicious vulnerabilities in its products that have already released patches. “In some cases, it was reported that the attackers were successful because they targeted the customers who failed to apply patches available from Oracle.”
Thus, the company strongly recommends that customers remain in supported versions actively and apply the Critical Patch Update fixes without delay.
The new release of Java SE eliminated 9 security problems which all can be operatable remotely without authentication.
Three errors were assigned severity levels of 9.6 magnitudes on the CVSS scale. Six issues appear only on client systems (running in the browser Java Web Start and Java applets), and 3 errors affect both clients and Java server-side configuration. Oracle strongly recommends that it be done as soon as possible to install security patches.