Oracle releases its largest Critical Patch Update with security fixes for products across the company’s portfolio.
Oracle released its latest Critical Patch Update on July 18, fixing 334 vulnerabilities across the company’s product portfolio. The company rated 61 of the vulnerabilities as having critical impact.
Among the products patched by Oracle are Oracle Database Server, Oracle Global Lifecycle Management, Oracle Fusion Middleware, Oracle E-Business Suite, Oracle PeopleSoft, Oracle Siebel CRM, Oracle Industry Applications, Oracle Java SE, Oracle Virtualization, Oracle MySQL and Oracle Sun Systems Products Suite. While there are issues of varying severity in the update, Oracle is blaming third-party components as being the cause of the majority of the critical issues.
Looking at flaws in Java, Oracle’s July CPU provides eight security fixes, though organizations likely need to be cautious when applying the patches, as certain functionality has been removed.
“Several actions taken to fix Java SE vulnerabilities in the July CPU are likely to break the functionality of certain applications,” security firm Waratek warned in an advisory. “Application owners who apply binary patches should be extremely cautious and thoroughly test their applications before putting patches into production.”
The reason why the Oracle fixes could break application functionality is because Oracle has decided to remove multiple vulnerable components from its Java Development Kit (JDK).