Oracle to release 86 security patches, including 18 for MySQL

The company posted a preview of its latest quarterly patch batch, which is scheduled for Tuesday

Oracle is preparing to ship 86 patches covering security vulnerabilities in a wide span of its products, with 18 of the fixes aimed at the MySQL database alone.

Two of the MySQL vulnerabilities can be exploited by an attacker remotely without the need for a user name and password, according to a pre-release announcement posted on Oracle's website. At least one has a "base score" of 9.0 on the CVSS (Common Vulnerability Scoring System), which runs from 1 to 10, with 10 being the most dangerous.

The patch batch, which is scheduled for Tuesday, also includes one fix for Oracle's flagship database, including versions 10g R2, 11g R1 and 11gR2. While the vulnerability in question also has a CVSS base score of 9.0, it can't be exploited remotely without credentials, according to the announcement.

But another five patches will be shipped for Oracle Database Mobile/Lite Server, and all of them are remotely exploitable without requiring authentication, Oracle said. This grouping's highest CVSS base score is 10.0, according to Oracle.

Various components of Oracle Fusion Middleware, including WebLogic Server and Access Manager, will receive seven patches.

Some 13 patches concern Oracle Enterprise Manager Grid Control. All are exploitable remotely without credentials.

The remaining fixes set to ship Tuesday cover Oracle applications such as E-Business Suite and JD Edwards, as well as the Sun Storage Common Array Manager and Oracle's virtualization technology.

Oracle's last patch release, which came in October, fixed 109 problems.

Chris Kanaracus covers enterprise software and general technology breaking news for The IDG News Service. Chris' email address is Chris_Kanaracus@idg.com

Tags: patches, applications, databases, security, software, Oracle

German researchers hack Galaxy S5 fingerprint login

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Endpoint Security and Data Protection

Protect your computers and data.

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.