Security News > 2020 > January > Yo, sysadmins! Thought Patch Tuesday was big? Oracle says 'hold my Java' with huge 334 security flaw fix bundle

Oracle has released a sweeping set of security patches across the breadth of its software line.
The January update, delivered one day after Microsoft, Intel, Adobe, and others dropped their scheduled monthly patches, addresses a total of 334 security vulnerabilities across 93 different products from the enterprise giant.
Three of those are remotely exploitable without authorization, including one flaw in Apache Tomcat, one in Big Red's database gateway, and one for the Core RDBMS product.
Also of note was CVE-2020-2696, an elevation of privilege flaw in the Solaris 10 Common Desktop Environment, which was discovered by Marco Ivaldi, principal security adviser at Italian infosec shop Mediaservice.net.
In a detailed dissection of the bug, Ivaldi describes the flaw as a "Cute straight-out-of-the-manual memory corruption" issue, and suggested a number of similar bugs are likely to exist.
News URL
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/01/15/oracle_january_patches/
Related news
- Oracle Linux 9 Update 5 brings security updates, OpenJDK 17, .NET 9.0 (source)
- December 2024 Patch Tuesday forecast: The secure future initiative impact (source)
- Week in review: Veeam Service Provider Console flaws fixed, Patch Tuesday forecast (source)
- Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws (source)
- Microsoft holds last Patch Tuesday of the year with 72 gifts for admins (source)
- Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others (source)
- Vanir: Open-source security patch validation for Android (source)
- What Is Patch Tuesday? Microsoft’s Monthly Update Explained (source)
- January 2025 Patch Tuesday forecast: Changes coming in cybersecurity guidance (source)
- Week in review: Exploited Ivanti Connect Secure zero-day, Patch Tuesday forecast (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-01-15 | CVE-2020-2696 | Unspecified vulnerability in Oracle Solaris 10 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). | 8.8 |