Scary Oracle security issues – patch now!

Larry Ellison announced the self-patching database at OpenWorld this year. Until we get to that point, professional DBAs and system administrators need to keep their Oracle environments secure.

Right now, that means at least installing the patches Oracle provides quarterly in the Critical Patch Updates (CPUs). The latest from October 2017 is one of the scariest I have seen for a while. Out of a total of 251 issues, 156 can be remotely exploited without authentication. Everyone who is or can get behind your firewall can use them against you.

If you are running any of the following, you urgently need to install the October CPU:

  • Oracle Database
  • WebLogic Server
  • SOA Suite
  • WebCenter Content
  • Oracle Access Manager
  • GlassFish
  • BI Publisher
  • Oracle BPM
  • MySQL
  • VirtualBox

To nobody’s surprise, there are also newly discovered bugs in Java SE – 22 this time, of which 20 can be remotely exploited without authentication.

Most of the Oracle applications also have serious issues, including Oracle E-Business Suite, Hyperion, JD Edwards, PeopleSoft, and Siebel.

Stay safe. Patch your systems.

 

Don’t miss out on important information you need as an IT professional working with Oracle products. Sign up for the Oracle Tool Watch newsletter and get the free whitepaper “What Oracle is Doing Wrong (and Right) in the Cloud”