
Oracle rolls out more than 250 new patches this quarter

It’s about that time of year when Oracle releases its quarterly security patches, and this time there are over 250 fixes spanning over 76 products.

In fact, there are a total of 253 patch fixes, of which 15 have a Common Vulnerability Scoring System (CVSS) score of 9.0 or over, meaning they are critical updates. Oracle Big Data Discovery, Oracle Web Services, Oracle Commerce and WebLogic are areas that are more likely to be compromised by the worst of the bugs, according to the verbose patch dump explainer.

Not just that, there is also a pair of Java vulnerabilities that allow an unauthenticated attacker who has network access to compromise Java SE. Successful attacks depend on human interaction from a person other than the attacker. Although the attack is within Java SE, other products and systems are also vulnerable to attack, which could lead to complete takeover of the Java SE environment.

The OJVM component within Oracle Database Server is another product that carries a critical bug, which is rated at 9.1 on the CVSS. This bug affects Oracle Database versions 11.2.0.4 and 12.1.0.2 and is easily exploited by high level attackers having Create Session and Create Procedure privileges to compromise OJVM. Again, these attacks carry the venom to cause large disruptions to other products within your suite, which can potentially result in the takedown of OJVM.

Those of you using Oracle Database must know that the Application Express component of your environment is most at risk from attackers that have access to networks via HTTP; and for anyone still using the Sun Ray thin client caper, there’s a rather large bug rated at 8.2 to tend to. But fear not, as these are all taken care of in this release.

As you can imagine, there is an endless list of bugs that have been found during this process and the 253 patches that have been released are there to ensure that these fixes amend any issues you as an end user might be experiencing.

If you feel that you need help understanding these patches or anything around Oracle’s quarterly release, please get in touch and one of our Oracle Database experts or specialist DBAs will be able to talk you through it.
