Oracle has released a scheduled Critical Patch Update for its products, targeting critical issues and vulnerabilities. The June update addresses 245 vulnerabilities.
Some problems:
- 1 vulnerability in server MySQL, which can be exploited remotely without authentication. The issue relates to connection handling and has a severity rating of 7.5 out of 10. The vulnerability is fixed in MySQL Community Server 9.7.1 and 8.4.10.
- 10 vulnerabilities in VirtualBox, three of which are marked as dangerous (7.5 out of 10).
Details about the nature of the vulnerabilities are not disclosed, but it is noted that they are caused by issues in the implementation of VMM, shared directories, and the VMSVGA device. The issues were fixed in VirtualBox 7.2.10. - Three vulnerabilities exist in Solaris. One of the issues (CVE-2026-46978) is rated critical (10 out of 10). The vulnerability affects the Remote Administration Daemon and can be exploited to remotely gain administrator privileges by sending a specially crafted HTTPS request. Less severe vulnerabilities affect the file system (7.1 out of 10 severity) and standard libraries (4.4 out of 10). These vulnerabilities are fixed in Solaris 11.4 SRU93.
- There are no reported issues in Java SE and no corrective releases of Java SE have been generated.
Source: opennet.ru
