eWeek | Sean Michael Kerner
Oracle released its October Critical Patch Update, fixing 253 different vulnerabilities across the company product portfolio.
The update, released Oct. 18, is the second-largest ever issued by Oracle, outpaced only by the company’s July CPU in which 276 vulnerabilities were patched.Overall, Oracle’s patching updates have been growing in recent years, with 2016 set to be larger than in past years.Oracle’s latest Critical Patch Update, which fixes 253 vulnerabilities, is the company’s second-largest CPU ever. Oracle’s patching updates have been growing in recent years.
Oracle’s Fusion middleware is being patched for 29 security issues of which 19 are remotely exploitable without user authentication. The October Critical Patch Update also contains seven new security fixes for Oracle Java. All of the Java vulnerabilities may be remotely exploitable without authentication.
John Matthew Holt, CTO of Waratek, isn’t surprised at the large number of security issues patched by Oracle. Waratek is an application security firm with a focus on Java applications. Holt commented that the October update is largely the same as many recent updates from Oracle, though that’s not to say that they aren’t real and serious security issues.”Oracle is very serious about improving Java’s security and the evidence of those efforts is the constant stream of CVEs [Common Vulnerabilities and Exposures] that are identified and remediated every 90 days,” Holt said.