Oracle to release 86 security patches, 18 for MySQL
A preview of Oracle's latest quarterly patch batch, which is scheduled for release on Tuesday, is posted on oracle.com
IDG News Service - Oracle is preparing to ship 86 patches covering security vulnerabilities in a wide span of its products, with 18 of the fixes aimed at the MySQL database alone.
Two of the MySQL vulnerabilities can be exploited by an attacker remotely without the need for a user name and password, according to a pre-release announcement posted on Oracle's website. At least one has a "base score" of 9.0 on the CVSS (Common Vulnerability Scoring System), which runs from 1 to 10, with 10 being the most dangerous.
The patch batch, which is scheduled for Tuesday, also includes one fix for Oracle's flagship database, including versions 10g R2, 11g R1 and 11gR2. While the vulnerability in question also has a CVSS base score of 9.0, it can't be exploited remotely without credentials, according to the announcement.
But another five patches will be shipped for Oracle Database Mobile/Lite Server, and all of them are remotely exploitable without requiring authentication, Oracle said. This grouping's highest CVSS base score is 10.0, according to Oracle.
Various components of Oracle Fusion Middleware, including WebLogic Server and Access Manager, will receive seven patches.
Some 13 patches concern Oracle Enterprise Manager Grid Control. All are exploitable remotely without credentials.
The remaining fixes set to ship Tuesday cover Oracle applications such as E-Business Suite and JD Edwards, as well as the Sun Storage Common Array Manager and Oracle's virtualization technology.
Oracle's last patch release, which came in October, fixed 109 problems.
Chris Kanaracus covers enterprise software and general technology breaking news for The IDG News Service. Chris' email address is Chris_Kanaracus@idg.com
- The Truth About Cloud Security "Security" is the number one issue holding business leaders back from the cloud. But does the reality match the perception?
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!