April 18, H Security – (International) Oracle patch day addresses 88 vulnerabilities. Oracle released 88 security patches as part of its scheduled April Critical Patch Update. One of the patches addresses a series of vulnerabilities in the Java JRockit VM with a Common Vulnerability Scoring System (CVSS) Base Score of 10.0, the highest possible score on the CVSS scale. Oracle also closed holes with a CVSS score of 9.0 in Grid Engine and in the Windows version of the database component Spatial (in non-Windows versions the score for this flaw is 6.5). All other vulnerabilities have scores of 7.5 or lower. Of the 88 released updates, 6 patch holes directly in Oracle’s Database Server and 6 others might affect it indirectly via Enterprise Manager Grid Control. Of the Grid Control vulnerabilities, four can be exploited remotely without authentication. The Oracle Fusion Middleware software received 11 advisories, some of which affect Java and therefore also JRockit. Additionally, 17 patches were released for Oracle FLEXCUBE, 11 affect PeopleSoft Enterprise, and 6 relate to MySQL. Oracle released several patches for Solaris as well.
Ali Loney, on April 18, 2012