ProHoster > Blog > internet news > Updates for Java SE, MySQL, VirtualBox and other Oracle products with vulnerabilities fixed
Updates for Java SE, MySQL, VirtualBox and other Oracle products with vulnerabilities fixed
Oracle Company ΠΎΠΏΡΠ±Π»ΠΈΠΊΠΎΠ²Π°Π»Π° scheduled release of updates to their products (Critical Patch Update), aimed at eliminating critical problems and vulnerabilities. Fixed in the April update 297 vulnerabilities.
In issues Java SE 12.0.1, 11.0.3 and 8u212 fixed 5 security issues. All vulnerabilities can be exploited remotely without authentication. One vulnerability specific to the Windows platform assigned CVSS Score 9.0 (CVE-2019-2699), which corresponds to the critical severity level and allows an unauthenticated user over the network to compromise Java SE applications. Two vulnerabilities in the 2D graphics processing subsystem have been rated 8.1 (CVE-2019-2697, CVE-2019-2698). Details have not yet been disclosed.
In addition to issues in Java SE, vulnerabilities have been made public in other Oracle products, including:
12 vulnerabilities in VirtualBox, of which 7 are critical (CVSS Score 8.8). Vulnerabilities fixed in updates VirtualBox 6.0.6 and 5.2.28 (In note the fact of elimination of security problems is not advertised by the release). Details are not reported, but judging by the level of CVSS, vulnerabilities have been fixed, demonstrated at the Pwn2Own 2019 competition and allowing you to execute code on the side of the host system from the guest system environment.
allow you to attack the host system from the guest environment.
3 vulnerabilities on Solaris (maximum severity 5.3 - issues in the IPS package manager, SunSSH, and the lock management service. Issues are fixed in the release Solaris 11.4 SRU8, which also resumed support for the UCB libraries (libucb, librpcsoc, libdbm, libtermcap, libcurses) and the fc-fabric service, updated package versions
ibus 1.5.19, NTP 4.2.8p12,
Firefox 60.6.0esr
BIND 9.11.6
OpenSSL 1.0.2r,
MySQL 5.6.43 & 5.7.25,
libxml2 2.9.9,
libxslt 1.1.33,
Wireshark 2.6.7
ncurses 6.1.0.20190105,
Apache httpd 2.4.38,
perl 5.22.