Oracle on Tuesday released its quarterly patch update. It includes 86 security fixes and runs the gamut of Oracle products, including database, middleware and applications.
All the fixes address security vulnerabilities that Oracle has rated from 0 to 10 on the Common Vulnerability Scoring System, or CVSS. The vulnerabilities in this patch with the highest score – that is, the highest severity – are for Oracle Database and MySQL. The most severe is for Oracle Database Mobile/Lite Server, previously known as just Oracle Database Lite. The risk is rated the highest it can be, at 10, and according to the patch update,”may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.”
Other high-severity vulnerabilities are for Oracle Database on Windows, and MySQL on Windows.
Here’s the breakdown of all the security fixes:
- Eighteen for MySQL
- Thirteen for Oracle Enterprise Manager
- Twelve for PeopleSoft
- Ten for Siebel
- Nine for E-Business Suite
- Eight for Sun products, seven of which are for Solaris
- Seven for Fusion Middleware
- Five for Oracle Database
- One for JD Edwards
- One for VirtualBox
- One for Oracle Supply Chain Management
The next security patches due out this year are on April 16, July 16 and Oct. 15.