Oracle: 309 security updates for all possible products

Oracle held its quarterly “Critical Patch Update” patch day on Wednesday night. The company released 309 security patches for products across its portfolio.

In its July Oracle CPU overview, the company lists the individual vulnerabilities in its products. Of the 309 vulnerabilities, Oracle's developers classify nine as critical risks. Another 144 are considered high-risk and have a CVSS score of 7.0 to 8.9. Most of these vulnerabilities can be exploited by attackers from the network, in many cases without privileges on the system, i.e., without prior authentication.

According to Oracle's list of security vulnerabilities, a total of 111 products are affected. IT managers should check whether they are using any of these products and install the available updates as soon as possible. Oracle also points out that updates are only available for products that are still receiving “Premier Support” or are in the extended support phase; anyone using older software versions should first update to versions that are still supported.

The previous Oracle CPU took place in April. At that time, the manufacturer had to fix 378 vulnerabilities. The majority of these could be exploited remotely without prior registration.

(dmk)