Security News > 2020 > January > Oracle Ties Previous All-Time Patch High with January Updates
The CPU ties for Oracle's previous all-time high for number of patches issued, in July 2019, which overtook its previous record of 308 in July 2017.
The updates include fixes for Oracle's most widely deployed products, including the Oracle Database Server; Oracle Enterprise Manager; Oracle Fusion Middleware; 19 new security patches for Oracle MySQL; and the Oracle E-Business Suite.
In its customer relationship management platforms, there are 15 patches for Oracle PeopleSoft; and five patches for Oracle Siebel CRM. On the vertical-specific software front, Oracle patched 12 bugs in Oracle Construction and Engineering; 24 flaws for Oracle Financial Services Applications; one bug for Oracle Food and Beverage Applications; three for Oracle Health Sciences Applications; one patch for Oracle iLearning; nine patches for Oracle JD Edwards; four patches for Oracle Utilities Applications; and 22 patches for Oracle Retail Applications.
January's massive CPU also features 17 patches for Oracle Systems; two patches for Oracle Hyperion; eight patches for Oracle Supply Chain; Oracle GraalVM; and 22 patches for Oracle Virtualization.
"If you're an Oracle sysadmin, I'd recommend focusing first on the patches that can be exploited with no user interaction and do not require authentication. Specifically, bugs like CVE-2020-11058 and CVE-2019-2904 should make Oracle database admins nervous. There are also multiple patches to address bugs from 2016, 2017 and 2018, which shows how bad the patch can be for complex systems."
News URL
https://threatpost.com/oracle-cpu-all-time-patch-high-january/151861/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-05-12 | CVE-2020-11058 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read. | 2.2 |
2019-10-16 | CVE-2019-2904 | Unspecified vulnerability in Oracle products Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). | 9.8 |