Oracle's critical security update: 154 problems fixed in latest patch

Number: IRCNE2015102664

Date: 2015/10/24

According to “zdnets”, Oracle's October critical patch update includes security updates and patches for 154 vulnerabilities including a flaw which allows an attacker full control over a vulnerable system.

The California-based company's October 2015 Critical Patch Update includes 154 fixes which patch holes in a wide range of products, including Oracle Database, Fusion Middleware, Hyperion, Enterprise Manager, Oracle Linux & Virtualization, Java and MySQL.

In total, 8 fixes have been issued for Oracle Database, and the most severe vulnerability allowed attackers to remotely exploit a system without authentication, potentially resulting in the total loss of system control by the user.

The vulnerability, CVE-2015-4863, has been given a CVSS Base Score of 10.0. In addition, three other database vulnerabilities were given a CVSS Base Score of 9.0.

Another security flaw at the top of the severity list impacts the Oracle Sun Systems Products Suite. CVE-2015-4915, which has been awarded a CVSS Base Score of 10.0, is a vulnerability related to the Integrated Lights Out Manager (ILOM) -- which, unfortunately, is used across a wide range of products.

Oracle has also provided 23 security fixes for Oracle Fusion Middleware, 16 of which are remote exploit flaws, one low-severity fix for Hyperion and five fixes for Oracle's Enterprise Manager Grid Control software.

Oracle has patched up 25 vulnerabilities, 24 of which allow for remote execution -- and the highest risk score awarded to one of these flaws is 10.0.

In total, 20 of the vulnerabilities are browser-based, while the remaining five impact on client and server deployments.

The Wall

No comments
You need to sign in to comment

news specifications

Added 2 Aban 1394



Your rate:
Total: (0 rates)