Updates for Java SE, MySQL, VirtualBox and other Oracle products with vulnerabilities fixed

Oracle has published its scheduled release of product updates (Critical Patch Update), which eliminates critical problems and vulnerabilities. The January update fixes a total of 497 vulnerabilities.

Some problems:

  • 17 security issues in Java SE. All of the vulnerabilities can be exploited remotely without authentication and affect environments that allow the execution of untrusted code. The issues have a moderate severity level: 16 vulnerabilities are assigned a severity level of 5.3, and one is assigned 3.7. The issues affect the 2D subsystem, the Hotspot VM, serialization functions, JAXP, ImageIO, and various libraries. The vulnerabilities are fixed in the Java SE 17.0.2, 11.0.13, and 8u311 releases.
  • 30 vulnerabilities in the MySQL server, one of which can be exploited remotely. The most serious problems, associated with the use of the Curl package and with the operation of the optimizer, are assigned severity levels 7.5 and 7.1. Less dangerous vulnerabilities affect the optimizer, InnoDB, encryption tools, DDL, stored procedures, the privilege system, replication, the parser, and data schemas. The issues are fixed in the MySQL Community Server 8.0.28 and 5.7.37 releases.
  • 2 vulnerabilities in VirtualBox. The problems are assigned severity levels 6.5 and 3.8 (the second vulnerability only occurs on the Windows platform). The vulnerabilities were fixed in the VirtualBox 6.1.32 update.
  • 5 vulnerabilities in Solaris. The problems affect the kernel, installer, file system, libraries, and crash tracking subsystem. Problems are assigned severity levels of 6.5 and below. The vulnerabilities were fixed in the Solaris 11.4 SRU41 update.
  • Vulnerabilities in the Log4j 2 library. A total of 33 vulnerabilities caused by problems in Log4j 2 were fixed; they manifested themselves in products such as:
    • Oracle WebLogic Server,
    • Oracle WebCenter Portal,
    • Oracle Business Intelligence Enterprise Edition,
    • Oracle Communications Diameter Signaling Router,
    • Oracle Communications Interactive Session Recorder,
    • Oracle Communications Service Broker,
    • Oracle Communications Services Gatekeeper,
    • Oracle Communications WebRTC Session Controller,
    • Primavera Gateway,
    • Primavera P6 Enterprise Project Portfolio Management,
    • Primavera Unifier,
    • Instantis EnterpriseTrack,
    • Oracle Financial Services Analytical Applications Infrastructure,
    • Oracle Financial Services Model Management and Governance,
    • Oracle Managed File Transfer,
    • Oracle Retail*,
    • Siebel UI Framework,
    • Oracle Utilities Testing Accelerator.

Source: opennet.ru
