Oracle has issued a big collection of critical patches for its various offerings. The company says that due to a threat posed by a successful attack, it strongly recommends that customers apply the fixes as soon as possible.
The update contains a127 new fixes. 51 of them are for Java. Others are for Database, Fusion Middleware, Enterprise Manager, E-Business Suite, Oracle Supply Chain, PeopleSoft, Siebel, iLearning, Oracle Health Sciences Products Suite, Oracle Retail Products Suite, Oracle FlexCube, Oracle Primavera Products Suite, Oracle and Sun Systems Products Suite, Oracle Linux and Virtualization and Oracle MySQL Product Suite.
“The Oracle Database, Oracle Fusion Middleware, Oracle Enterprise Manager Grid Control, Oracle E-Business Suite Applications, JD Edwards EnterpriseOne, JD Edwards OneWorld Tools, PeopleSoft Enterprise Portal Applications, PeopleSoft Enterprise PeopleTools, Siebel Enterprise, Industry Applications, Primavera and Oracle VM patches in the Critical Patch Updates are cumulative,” Oracle said. “In other words, patches for any of these products included in a Critical Patch Update will include all fixes for that product from the previous Critical Patch Updates. For more information about cumulative and non-cumulative patches, check the patch availability documents in the table below for the respective product groups.”
“Until you apply the CPU fixes, it may be possible to reduce the risk of successful attack by blocking network protocols required by an attack,” Oracle says. “For attacks that require certain privileges or access to certain packages, removing the privileges or the ability to access the packages from users that do not need the privileges may help reduce the risk of successful attack. Both approaches may break application functionality, so Oracle strongly recommends that customers test changes on non-production systems. Neither approach should be considered a long-term solution as neither corrects the underlying problem.”
Starting this month, the Java SE Critical Patch update will be released quarterly.
More on the updates here.