Security News > 2020 > January > Oracle Ties Previous All-Time Patch High with January Updates

Oracle Ties Previous All-Time Patch High with January Updates
2020-01-14 23:43

The CPU ties for Oracle's previous all-time high for number of patches issued, in July 2019, which overtook its previous record of 308 in July 2017.

The updates include fixes for Oracle's most widely deployed products, including the Oracle Database Server; Oracle Enterprise Manager; Oracle Fusion Middleware; 19 new security patches for Oracle MySQL; and the Oracle E-Business Suite.

In its customer relationship management platforms, there are 15 patches for Oracle PeopleSoft; and five patches for Oracle Siebel CRM. On the vertical-specific software front, Oracle patched 12 bugs in Oracle Construction and Engineering; 24 flaws for Oracle Financial Services Applications; one bug for Oracle Food and Beverage Applications; three for Oracle Health Sciences Applications; one patch for Oracle iLearning; nine patches for Oracle JD Edwards; four patches for Oracle Utilities Applications; and 22 patches for Oracle Retail Applications.

January's massive CPU also features 17 patches for Oracle Systems; two patches for Oracle Hyperion; eight patches for Oracle Supply Chain; Oracle GraalVM; and 22 patches for Oracle Virtualization.

"If you're an Oracle sysadmin, I'd recommend focusing first on the patches that can be exploited with no user interaction and do not require authentication. Specifically, bugs like CVE-2020-11058 and CVE-2019-2904 should make Oracle database admins nervous. There are also multiple patches to address bugs from 2016, 2017 and 2018, which shows how bad the patch can be for complex systems."


News URL

https://threatpost.com/oracle-cpu-all-time-patch-high-january/151861/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-05-12 CVE-2020-11058 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read.
network
high complexity
freerdp canonical debian CWE-119
2.2
2019-10-16 CVE-2019-2904 Unspecified vulnerability in Oracle products
Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces).
network
low complexity
oracle
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Oracle 781 388 3148 2078 432 6046