Multiple Vulnerabilities in Oracle Products
History:
- 19/10/2018 --- v1.0 -- Initial publication
Summary
On 16th of October 2018, Oracle released a critical patch bundle that addresses several security vulnerabilities. The patch contains 301 new fixes since the last patch. The addressed vulnerabilities affect many Oracle products including among others Oracle Database, Oracle Communications, Enterprise Manager, Fusion Middleware, Java, MySQL, Retail Applications, Peoplsoft, and others.
Technical Details
The vulnerabilities affect a large number of Oracle products that can be potentially exploited. In most of the listed vulnerabilities the adversary can exploit various protocols remotely without prior authentication [1]. The patches are cumulative. That means, it is only a complementary update to the systems since the previous update.
Versions Affected
Please refer to the Oracle's Critical Patch Update Advisory - October 2018 [1].
Recommendations
- Depending on your Oracle software, address all the previous patch releases [2].
- Apply the missing patches as soon as possible .
References
[1] https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
[2] https://www.oracle.com/technetwork/topics/security/alerts-086861.html