Updates to Java SE, MySQL, VirtualBox, Solaris and other Oracle products fix vulnerabilities

Oracle has published its scheduled release of product updates (Critical Patch Update), which addresses critical problems and vulnerabilities. The July update fixes a total of 386 vulnerabilities.

Some of the issues:

  • 6 security issues in Java SE and 7 issues in GraalVM. All vulnerabilities in Java SE can be exploited remotely without authentication and affect environments that allow the execution of untrusted code. The most dangerous issues in Java SE and GraalVM have severity levels of 7.4 (HotSpot vulnerability) and 8.2 (Node.js vulnerability) out of 10. The vulnerabilities are fixed in Java SE releases 22.0.2, 21.0.4, 17.0.12, 11.0.24, and 8u421.
  • 22 vulnerabilities in the MySQL server, all of which can only be exploited locally. The most severe issues have a severity level of 6.5 and are related to a vulnerability in the optimizer. Less severe vulnerabilities affect InnoDB, Thread Pooling, DDL, the optimizer, Pluggable Auth, the connection handler, and the authentication system. The issues are fixed in MySQL Community Server 9.0.0, 8.4.1, and 8.0.38.
  • 3 vulnerabilities in VirtualBox, one of which is marked as dangerous (8.2 out of 10). Details about the vulnerabilities have not been disclosed, but judging by the assigned severity level, the vulnerability allows access to the host environment from guest systems. The vulnerabilities are fixed in the VirtualBox 7.0.20 update.
  • 1 vulnerability in Solaris that affects the file system (severity level 3.3 out of 10). The vulnerability is fixed in the Solaris 11.4 SRU71 update. In addition to fixing the vulnerability, the new version also updates the packages Explorer 24.3, libffi 3.2.1, Unbound 1.20.0, Jinja2 3.1.4, Apache HTTP Server 2.4.59, git 2.39.4, libarchive 3.7.4, PHP 8.3.8, Firefox 115.12.0esr, Thunderbird 115.12.0, python-mod/django, utility/python and utility/gnu-indent.

Source: opennet.ru