Yesterday, Oracle released their quarterly Critical Patch Update (CPU) for April 2012. Oracle CPUs are collections of security updates, which fix security flaws in the wide-range of products Oracle offers. According to their April advisory, this quarter’s CPU fixes 88 vulnerabilities in many of their products, including
- Oracle Database
- Oracle Application Server
- Oracle Identity Manager
- Oracle JDeveloper
- Oracle PeopleSoft
- Oracle MySQL Server
- and many other products.
For a complete list of the affected Oracle products, see the “Affected Products and Components” section of their advisory.
Oracle’s advisory doesn’t describe every flaw in technical detail. However, they do describe their scopes and general impact, as well as assign each of them CVSS severity scores. The 88 vulnerabilities differ greatly in their scope and impact, but the worst of them pose a pretty critical risk. For instance, unauthenticated, remote attackers can exploit a few of the Oracle Database vulnerabilities to gain unauthorized access to your database server. The update also includes a critical fix for JRocket with the highest CVSS score of 10.
If you manage any of the Oracle products listed in their April CPU advisory, I recommend you visit the Patch Availably section of their alert, and download, test and deploy the appropriate updates as soon as you can. — Corey Nachreiner, CISSP (@SecAdept).
Good to know about it.
Oracle Technology Network provides services and resources to help developers.
Hi there I am so thrilled I found your website, I really found you
by accident, while I was browsing on Google for something else, Regardless I am here now and would just like
to say cheers for a tremendous post and a all round interesting blog (I also love the theme/design), I don’t have time
to read it all at the moment but I have bookmarked it and also added in your RSS feeds, so when I have time I will be back to read much more,
Please do keep up the fantastic work.
You can certainly see your expertise within the article you write.
The world hopes for more passionate writers like you
who are not afraid to mention how they believe. Always go after
your heart.