With its quarterly update, Oracle now closes 200 vulnerabilities in different products, including a prominent and critical security flaw in Java.
Oracle has released updates for 193 vulnerabilities in Oracle products. In addition to fixes for various other products, Oracle released more than 20 patches for Java. Among the closed flaws is a zero-day vulnerability that is being exploited in attacks.
Affected products include the Oracle Database, Fusion Middleware, Hyperion, Enterprise Manager, the E-Business Suite, Supply Chain Suite, Oracle PeopleSoft Enterprise, Siebel CRM, Communications Applications, the Oracle Sun Systems Products Suite, Oracle Linux, Oracle Virtualization, and MySQL.
Among the patches are 25 fixes for Oracle Java Standard Edition, of which 23 can be exploited remotely and without authentication. 16 updates are limited to clients, five relate to both client and server, and one is a fix for a problem with the installation of Java SE for Mac.
Four of these updates also apply to JSSE client and server deployments. “Please note! This critical update addresses a known zero-day bug (CVE-2015-2590), which is also already being exploited,” said Eric Maurice on Oracle’s blog.
This flaw has been exploited for espionage attacks on the military of a NATO state, as well as on a US agency. The attackers rely on phishing emails. After the flaw discovered by Trend Micro became known, Oracle had advised users to disable the Java runtime environment.
In addition, Oracle points out as part of this patch day that users should apply the unscheduled patch from May that resolves the so-called Venom vulnerability. The vulnerability occurs in the QEMU virtual floppy disk controller. Many virtualization products make use of this controller, and the flaw can be exploited by a logged-in user, though not remotely. However, an attacker can use such rights to gain access to the hypervisor process on the host system, which represents a significant security problem, especially for hosting providers.
In the July update, Oracle points out that users should apply an update from May that resolves the Venom flaw. (Image: CrowdStrike)