Oracle released its quarterly Critical Patch Update (CPU) yesterday [1]. As usual, the number of patches is quite intimidating. But remember that these 104 fixes apply across the entire Oracle product range.

Some of the highlights:

- CVE-2014-2406: A bug in Oracle's Database which allows a remotely authenticated user to gain control over the database.
- 37 new patches for Java SE, 35 of which allow remote execution as the user running the Java Applet (according to Oracle: "The CVSS scores below assume that a user running a Java applet or Java Web Start application has administrator privileges (typical on Windows)").
- 4 of the Java vulnerabilities have a base CVSS score of 10, indicating not only full remote code execution but also easy exploitability.

[1] http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
Johannes, ISC Handler, Apr 16th 2014