Oracle is piling on this month's Patch Tuesday with a collection of security fixes for 16 of its enterprise software platforms.
Among the massive wad of updates will be a package of 25 bug fixes for Java SE, 22 of which are remotely exploitable without authentication and 12 of which allow an attacker to take complete control of the targeted system, according to Oracle.
Also updated today was the Oracle Database platform. The company said it has released updates for versions 11g and 12c. That update squashes 31 bugs, with two being remotely exploitable – neither of which would allow for total control of the targeted system, we're told.
Fusion Middleware, meanwhile, will be on the receiving end of 18 security fixes, 14 of which Oracle says can be remotely exploited without authentication. None of the flaws would allow the attacker to take complete control of a targeted system, it's claimed, and the highest score given to any of the CVE-listed flaws was 7.5 of 10.
MySQL will receive fixes for 24 bugs, nine of which could be remotely exploited to gain partial control over a targeted system. The highest CVSS score for the updates was 8.0.
Oracle Enterprise Manager, Retail, and PeopleSoft also have updates to install. Primavera, E-Business Suite, Health Sciences and Supply Chain were also patched.
Along with Java, Oracle has issued patches for other Sun-related products: the Fujitsu servers M10-1, M10-4 and M10-4S, and Solaris. Of the 15 fixes for the server platforms, six were remotely exploitable and none would allow for complete control over the targeted system remotely, we're told.
The update comes in the wake of Patch Tuesday releases from Microsoft and Adobe which include critical fixes for Windows, Internet Explorer and Flash. This should make for a busy week for administrators tasked with testing and deploying the updates.
While Oracle doesn't usually post fixes as often as those two companies, its patches tend to be massive in scale, covering multiple products and platforms in a single release. ®