Oracle Patches 334 Flaws in July Critical Patch Update

July 18, 2018 | March 13th, 2019 | News, Patching

Oracle releases its largest Critical Patch Update with security fixes for products across the company’s portfolio.

Oracle released its latest Critical Patch Update on July 18, fixing 334 vulnerabilities across the company’s product portfolio. The company rated 61 of the vulnerabilities as having critical impact.

Among the products patched by Oracle are Oracle Database Server, Oracle Global Lifecycle Management, Oracle Fusion Middleware, Oracle E-Business Suite, Oracle PeopleSoft, Oracle Siebel CRM, Oracle Industry Applications, Oracle Java SE, Oracle Virtualization, Oracle MySQL and Oracle Sun Systems Products Suite. While the update contains issues of varying severity, Oracle attributes the majority of the critical issues to third-party components.


Java

Looking at flaws in Java, Oracle’s July CPU provides eight security fixes, though organizations likely need to be cautious when applying the patches, as certain functionality has been removed.

“Several actions taken to fix Java SE vulnerabilities in the July CPU are likely to break the functionality of certain applications,” security firm Waratek warned in an advisory. “Application owners who apply binary patches should be extremely cautious and thoroughly test their applications before putting patches into production.”

The Oracle fixes could break application functionality because Oracle has decided to remove multiple vulnerable components from its Java Development Kit (JDK).


This article, written by Sean Michael Kerner, appeared in eWeek.

Author Waratek
