Oracle ships giant raft of patches - but none of them for Java

Oracle's latest Patch Tuesday has come and gone, with the database-and-more behemoth putting out patches for 89 vulnerabilities.

Twelve product sets in the Oracle stable get from 1 to 21 patches each.

These squash a total of 45 RCEs, or Remote Code Execution vulnerabilities.

In Oracle's own words, which are actually well chosen and plainly put, RCEs are defined as:

vulnerabilities [that] may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

The affected product suites are listed below. (Oracle and Sun Systems Products, by the way, means Solaris, if you remember that.)

| Product suite | Patches | RCEs |
|---|---|---|
| Oracle Database Server | 6 | 1 |
| Oracle Fusion Middleware | 21 | 16 |
| Oracle Hyperion | 1 | 0 |
| Oracle Enterprise Manager Grid Control | 2 | 2 |
| Oracle E-Business Suite | 7 | 4 |
| Oracle Supply Chain Products Suite | 4 | 1 |
| Oracle PeopleSoft Products | 10 | 8 |
| Oracle iLearning | 1 | 1 |
| Oracle Industry Applications | 1 | 0 |
| Oracle and Sun Systems Products | 16 | 8 |
| Oracle Virtualization | 2 | 2 |
| Oracle MySQL | 18 | 2 |

The one Oracle product conspicuous by its absence from this list is Java.

That's because Java is still on its own once-in-four-months update schedule, and received its most recent Critical Patch Update (CPU) last month.

This should be the last time that Java will have to march to the tune of its own drum.

October 2013 is Oracle's annual "patchinox", when patches for Java and the rest of Oracle's products coincide.

The company has said that from then on, all non-emergency Critical Patch Updates will take place quarterly, at the same time.

One Response to Oracle ships giant raft of patches - but none of them for Java

  1. cavyaro · 371 days ago

    Had to chuckle. Great to see Oracle get some witty barbs!

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog