Set to arrive on Tuesday 15 July, the update includes fixes for 20 vulnerabilities in Java SE, all of which can be exploited by an attacker remotely without the need for login credentials.
29 of the fixes are for Oracle’s Fusion Middleware suite, with 27 able to be exploited over a network without the need for a username and password. Affected middleware components include BI Publisher, Glassfish Server, HTTP Server, Jdeveloper, Webcenter Portal and Weblogic Server.
Another 15 of the critical patch update fix Oracle’s virtualisation software, eight of which are vulnerabilities that also can be remotely exploitable without authentication. Another 10 fixes patch Oracle MySQL
“Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible,” the firm warned.
Oracle patches its software on a quarterly basis. This time last year, the firm issued a critical patch update plugging a total of 89 security holes across its product portfolio.
As with this year, the fixes focused mainly on remotely exploitable vulnerabilities in four widely used products, with 27 fixes issued for the Oracle Database, Fusion Middleware, the Oracle and Sun Systems Product Suite and the MySQL database.
Oracle issued its most recent previous patch update in April, delivering 104 fixes.
Quelle: The Inquirer