October 18, 2023 at 08:48AM
Oracle has released 387 new security patches as part of the October 2023 Critical Patch Update (CPU). Over 40 patches address critical-severity flaws and more than 200 resolve bugs that can be remotely exploited. The patches cover various Oracle products, with Financial Services Applications receiving the most fixes. Oracle advises customers to apply the patches promptly to protect against potential attacks.
From the meeting notes, the key takeaways are as follows:
– Oracle has released 387 new security patches as part of the October 2023 CPU to address vulnerabilities in its own code and third-party components.
– The security patches address more than 40 critical-severity flaws and over 200 bugs that can be remotely exploited without authentication.
– Oracle’s October 2023 CPU includes 185 unique CVEs, affecting multiple products, although not all are new and some may be non-exploitable for the impacted Oracle products.
– Financial Services Applications received the largest number of security patches, with 103 fixes, of which 49 address vulnerabilities that can be remotely exploited without authentication.
– Oracle Communications received 91 security patches, including 60 that address unauthenticated, remotely exploitable issues.
– Other Oracle products, such as Fusion Middleware, MySQL, Analytics, Retail Applications, Database Server, Communications Applications, Commerce, GoldenGate, Enterprise Manager, Java SE, PeopleSoft, E-Business Suite, Construction and Engineering, Systems, Utilities, Health Sciences Applications, Siebel CRM, Hyperion, Hospitality Applications, Essbase, REST Data Services, JD Edwards, Supply Chain, Secure Backup, TimesTen In-Memory Database, HealthCare Applications, and Insurance Applications, also received various patches.
– Oracle also published the October 2023 Oracle Linux Bulletin, including 61 security patches for as many unique CVEs mentioned in Oracle Linux Security Advisories.
– Oracle Solaris had 14 new security patches, 12 of which addressed remotely exploitable, unauthenticated flaws. There were 15 unique CVEs in the bulletin, and a critical-severity bug in VM Server for x86 was also patched.
– Oracle strongly encourages its customers to apply these security patches as soon as possible, and recommends that those who skipped one or more CPUs review previously released security updates.
– Failure to apply available Oracle patches has led to reported malicious attacks, so it is essential for customers to prioritize the patching process.
– Additional information can be found on Oracle’s Security Alerts page.
This summary captures the main points discussed in the meeting notes relating to Oracle’s October 2023 CPU and the corresponding security patches.