Oracle Ties Previous All-Time Patch High with January Updates
Arthur T Knackerbracket has found the following story:
Oracle has patched 334 vulnerabilities across all of its product families in its January 2020 quarterly Critical Patch Update (CPU). Out of these, 43 are critical/severe flaws carrying CVSS scores of 9.1 and above. The CPU ties for Oracle's previous all-time high for number of patches issued, in July 2019. This overtook its previous record of 308 in July 2017.
The company said in a pre-release announcement that some of the vulnerabilities affect multiple products.
"Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update patches as soon as possible," it added.
The updates include fixes for Oracle's most widely deployed products, including the Oracle Database Server (12 patches total, three remotely exploitable without authentication); Oracle Communications Applications (25 patches, 23 remotely exploitable without authentication, six critical); Oracle Enterprise Manager (50 patches, 10 remotely exploitable without authentication, four critical); Oracle Fusion Middleware (38 patches, 30 remotely exploitable without authentication, three critical); 19 new security patches for Oracle MySQL (19 patches, six remotely exploitable without authentication); and the Oracle E-Business Suite (23 patches, 21 remotely exploitable without authentication, two critical).
-- submitted from IRC
Read more of this story at SoylentNews.