Oracle Patches 301 Vulnerabilities in October Update

[InfoSec News <alerts () infosecnews org>]

http://www.eweek.com/security/oracle-patches-301-vulnerabilities-in-october-update

By: Sean Michael Kerner
eWeek.com
October 18, 2018

Oracle's final Critical Patch Update (CPU) for 2018 is now available, 
patching 301 vulnerabilities spread across Oracle's product portfolio.

Of the 301 vulnerabilities, 49 are rated with a CVSS (Common 
Vulnerabilities Security Scoring) score of 9.0 or higher, with only a 
single issue garnering the top severity rating of 10.0 The October CPU 
became generally available on Oct.16 and includes patches for both 
first-party and third-party components that Oracle develops and ships in 
its products.

"As with previous Critical Patch Update releases, a significant proportion 
of the patches is for third-party components (non-Oracle CVEs, including 
open source components)," Eric Maurice, director of security assurance at 
Oracle, wrote in a blog post.

While 331 flaws is a large number, it is actually fewer than the 334 that 
Oracle patched in the last CPU that it released on July 18. Looking at the 
most severe flaw across the 331, the single CVSS 10.0 was given to the 
CVE-2018-2913 flaw in Oracle's GoldenGate software.

[...]



--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_