Feeds

Oracle squashes 109 bugs in quarterly patch batch

Hot fresh Java will flush parasites from your system

Reducing security risks from open source software

Oracle published the latest edition of its quarterly patch update on Tuesday, addressing 109 vulnerabilities in 10 products.

The patch batch coincided with a release of a new version of Java, tackling 30 vulnerabilities. The Oracle Java SE critical patch for various supported versions of the software is important because Java vulnerabilities have become a prime target of hacker exploits and zero-days over the last couple of years or so.

This had led to widespread advice from security watchers that Java should be disabled, at least in the browser (most websites don't require it).

Wolfgang Kandek, CTO of cloud security firm Qualys, lists the Java update as among the most pressing priority for patching. Applying patches for Solaris and updating MySQL on internet connected servers also need to prioritised among many updates issued by Oracle on Tuesday.

"The Java update should be applied as soon as possible to workstations and servers," Kandek explained in a blog post. "It contains patches for 10 highly critical vulnerabilities that all have a CVSS of 10, all remotely exploitable without authentication.

"Oracle credits a number of contributors for the vulnerabilities found, including Security Explorations, a security company from Poland that had submitted a large number of vulnerabilities to Oracle in April of this year."

Other crucial updates (that rate the maximum Common Vulnerability Scoring System [CVSS] severity score of 10) include a Oracle RDBMS (relational database management system) patch that tackles a flaw unveiled last month at the Ekoparty security conference in Argentina. Windows servers running the vulnerable software are most at risk of attack.

An update to Oracle's MySQL lances 14 vulnerabilities, two of which can be accessed remotely with authentication. Oracle Solaris and Glassfish products are also affected by flaws that lend themselves to remote exploitation by hackers.

Oracle Fusion Middleware, Peoplesoft, JD Edwards and others also need patching but the vulnerabilities tackled in these cases are less severe and harder to exploit.

"Quite a number of products are being patched, also for those of you subject to PCI DSS [credit card industry regulation] there are a significant number of patches addressing issues with a CVSS score of 4 or higher, which must be patched under the standard," a blog post by the SANS Institute's Internet Storm Centre adds. ®

The Power of One eBook: Top reasons to choose HP BladeSystem

More from The Register

next story
NO MORE ALL CAPS and other pleasures of Visual Studio 14
Unpicking a packed preview that breaks down ASP.NET
Apple fanbois SCREAM as update BRICKS their Macbook Airs
Ragegasm spills over as firmware upgrade kills machines
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Put down that Oracle database patch: It could cost $23,000 per CPU
On-by-default INMEMORY tech a boon for developers ... as long as they can afford it
Google shows off new Chrome OS look
Athena springs full-grown from Chromium project's head
Apple: We'll unleash OS X Yosemite beta on the MASSES on 24 July
Starting today, regular fanbois will be guinea pigs, it tells Reg
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.