Oracle has published the Pre-Release Announcement for the July 2016 Critical Patch Update. It’s quite a huge update with not less than 276 security vulnerability fixes across the Oracle products. For the Oracle Database itself are 9 security fixes
available. Dies ist wiederum eines der größeren Critical Patch Update for databases. It does contain bug fix for some major security issues. Five of the vulnerabilities are remotely exploitable without authentication. The security bug fixes are for the Oracle Database Server as well for client-only installations. That means three of the security fixes are for client-only installations.
The highest CVSS Base Score of vulnerabilities affecting Oracle Database Server is 9.0. The following components are affected:
- Application Express
- Data Pump Import
- Database Vault
- DB Sharding
- JDBC
- OJVM
- Portable Clusterware
- RDBMS Core
We will see all the details next Tuesday when Oracle is officially releasing official Critical Patch Update for July 2016. Next week I’ll have a closer look and do some test installations.
More details about the patch will follow soon on the Oracle Security Pages.