Critical Patch Update: Oracle's quarterly update delivers 386 security patches
Attackers can exploit critical vulnerabilities in Oracle HTTP Server or MySQL Cluster, among others.
The software manufacturer Oracle publishes security updates on a quarterly basis and has now made 386 patches available for download, covering almost its entire software portfolio.
Admins should check the long list as soon as possible and install the updates that apply to them. If this is not done, attackers can, in the worst case, compromise systems completely using malicious code.
Critical malicious code vulnerabilities
Vulnerable systems include Commerce, Enterprise Manager, Fusion Middleware and PeopleSoft. There are currently no reports of ongoing attacks. Often, attackers can exploit the vulnerabilities remotely without authentication.
This is the case, for example, with the malicious code vulnerability (CVE-2024-23897, "critical") in Communications Cloud Native Core Automated Test Suite.
Oracle has scheduled the next quarterly update for October 15, 2024. If critical security vulnerabilities that are under attack emerge in the meantime, the software manufacturer usually publishes emergency updates.
(des)