Oracle has published a scheduled release of updates to its products (Critical Patch Update), aimed at eliminating critical problems and vulnerabilities. The July update fixes a total of 342 vulnerabilities.
Some problems:
- 4 Security Issues in Java SE. All vulnerabilities can be exploited remotely without authentication and affect environments that allow the execution of untrustworthy code. The most dangerous issue that affects the Hotspot virtual machine is assigned a severity level of 7.5. Vulnerability in environments that allow execution of untrusted code. The vulnerabilities have been resolved in Java SE 16.0.2, 11.0.12, and 8u301 releases.
- 36 vulnerabilities in the MySQL server, 4 of which can be exploited remotely. The most serious problems associated with the use of the Curl package and the LZ4 algorithm are assigned danger levels 8.1 and 7.5. Five issues affect InnoDB, three affect DDL, two affect replication, and two affect DML. 15 problems with severity level 4.9 appear in the optimizer. The issues were resolved in MySQL Community Server 8.0.26 and 5.7.35 releases.
- 4 vulnerabilities in VirtualBox. The two most dangerous problems have a severity level of 8.2 and 7.3. All vulnerabilities allow only local attacks. The vulnerabilities are fixed in the VirtualBox 6.1.24 update.
- 1 vulnerability in Solaris. The issue affects the kernel, has a severity level of 3.9 and is fixed in the Solaris 11.4 SRU35 update.
Source: opennet.ru