Four of them are rated 9.6 on a scale of 1 to 10. Attackers can exploit them remotely and without authentication. In total, Oracle fixes 276 vulnerabilities in its products, including MySQL, VirtualBox and database servers.
As part of its scheduled July patch day, Oracle closes a total of 276 vulnerabilities in its products. Of these, 13 are in Java SE, and an attacker could exploit nine of those remotely and without authentication. The affected versions are 6 Update 115 and earlier, 7 Update 101 and earlier, and 8 Update 92 and earlier, for Windows, Mac OS X and Linux. The security-relevant flaws are present in Java SE Embedded 8 Update 91 and JRockit R28.3.10.
Four of the vulnerabilities in Java can be exploited over the network. Because Oracle classifies the attack complexity as "low" and rates them at 9.6 points on the ten-point Common Vulnerability Scoring System (CVSS), it is likely that criminals will soon make use of them. Users should install the update immediately.
Oracle recommends switching to Java SE 8 Update 102. Updates for Java SE 6 and 7 are available only to customers who have purchased Java support. The patches are distributed via the Java website and through Java's automatic update function for Mac OS X and Windows.
As part of the July Patch Tuesday, Oracle also provides numerous security fixes for its database server, Fusion Middleware, Enterprise Manager Grid Control, the E-Business Suite and the Supply Chain Products Suite. Patches are also available for the PeopleSoft, JD Edwards, Siebel and Sun Systems software.
In MySQL, 22 vulnerabilities are fixed. Versions 5.5.49, 5.6.30 and 5.7.12 and earlier of the database software are affected. VirtualBox 5.0.26 and earlier is also vulnerable. In both cases, an attacker could inject malicious code over the network and run it.
Oracle provides patches for its products on a schedule of four times a year. In January 2016 there were a total of 248, in April 136. The next regular Oracle patch day this year is planned for October 18. If necessary, however, there are also unscheduled patches; Java SE received one in March. The vulnerability it closed could be exploited to take over the system completely. Nevertheless, security experts repeatedly criticize Oracle, particularly with regard to Java, for the long intervals between patches. Other vendors that maintain similarly widely used software, including Microsoft and Adobe and by now Google as well, provide monthly security updates for their products.
[with material from Stefan Beiersmann, ZDNet.de]