Mammoth Oracle Patch To Address 109 Flaws

Software giant Oracle has announced a massive Critical Patch Update on 16 October which will fix flaws in hundreds of its products.

The Oracle patch update includes 109 vulnerability fixes, covering all kinds of flaws, including many that allow for remote code execution without authentication across multiple products.

Oracle Fusion Middleware alone has 26 flaws that need patching, 13 of which may be remotely exploitable, whilst Oracle Database Server has five that need addressing.

A big Oracle patch

“There are 18 security updates for the former Sun products like GlassFish, Solaris and SPARC. MySQL gets 14 security updates.,” noted Amol Sarwate, director of Vulnerability Labs for Qualys.

“Overall, this is a big release that will keep system administrators busy on all fronts.”

IT teams can find the Oracle patch advisory here.

Certain corners of the security community have upbraided Oracle for its patching practices in recent months, namely over Java.

Larry Ellison’s company was forced into issuing out-of-band Java security fixes, after hackers started exploiting flaws and security experts pleaded for it to get patching.

Since then, another Java flaw has emerged, according to security firm Security Explorations, affecting all modern versions of Java SE, including 5, 6 and 7. Oracle has been made aware of that flaw, according to Security Explorations, and has been quick in responding to the findings.

“This was the first time the company has provided us with a bug confirmation the same day it was reported,” Security Explorations CEO Adam Gowiak told TechWeekEurope last month.

Yet no additional Java updates appear to have come out of Oracle just yet.

Are you a security expert? Find out with our quiz!