{"id":3140,"date":"2019-07-17T01:22:27","date_gmt":"2019-07-16T23:22:27","guid":{"rendered":"https:\/\/www.oradba.ch\/?p=3140"},"modified":"2019-07-17T01:22:27","modified_gmt":"2019-07-16T23:22:27","slug":"oracle-cpu-psu-advisory-july-2019","status":"publish","type":"post","link":"https:\/\/www.oradba.ch\/wordpress\/2019\/07\/oracle-cpu-psu-advisory-july-2019\/","title":{"rendered":"Oracle CPU \/ PSU Advisory July 2019"},"content":{"rendered":"<p>Recently, just in the middle of the summer holidays, Oracle has released the third Critical Patch Advisory for its products. It seems there&#8217;s a lot of work going on in Redwood Shores. Oracle has fixed about 319 security vulnerabilities across their products. The Oracle database is relatively prominently represented with 9 security vulnerabilities and a maximum CVSS rating of 9.8. The vulnerability with this high CVSS rating, CVE-2018-11058, is related to Core RDBMS and affects all Oracle releases on various platforms. In addition, this vulnerability can also be exploited remotely over the network. 3 of the security bug fixes are for client-only installations, so you have to patch your database servers as well as the clients.<\/p>\n<p>Oracle Unified Directory itself is not mentioned in the <a href=\"https:\/\/www.oracle.com\/technetwork\/security-advisory\/cpujul2019-5072835.html\" target=\"_blank\" rel=\"noopener noreferrer\">Oracle Critical Patch Update Advisory<\/a>. But the MOS note <a href=\"https:\/\/support.oracle.com\/epmos\/faces\/DocumentDisplay?id=2385785.1\" target=\"_blank\" rel=\"noopener noreferrer\">2385785.1<\/a> <em>Information And Bug Listing of Oracle Unified Directory Bundle Patches: 12.2.1.3.x (12cR2PS3) Version<\/em> does provide information on the latest bundle patch for OUD. Besides this patch, there are updates for Oracle WebLogic and Oracle Java as well (see links below).<\/p>\n<p>The highest CVSS Base Score of vulnerabilities affecting Oracle Database Server is 9.8. 
The following components are affected:<\/p>\n<ul>\n<li><strong>Oracle 11.2<\/strong> Core RDBMS, Java VM, Oracle Text<\/li>\n<li><strong>Oracle 12.1<\/strong> Core RDBMS, Java VM, Oracle Text<\/li>\n<li><strong>Oracle 12.2<\/strong> Core RDBMS, Java VM, Oracle Text, Spatial<\/li>\n<li><strong>Oracle 18c<\/strong> Core RDBMS, Java VM, Oracle Text, Spatial<\/li>\n<li><strong>Oracle 19c<\/strong> Core RDBMS, Java VM<\/li>\n<\/ul>\n<p>Oracle Java VM is not installed by default. It is therefore recommended that you check your database environment to see if it is necessary to apply this critical patch update.<\/p>\n<p>For Oracle Fusion Middleware the situation looks somewhat different. The Critical Patch Update includes no fewer than 33 fixes for vulnerabilities. Several of the vulnerabilities may be remotely exploitable without authentication and are rated with the highest CVSS rating of 9.8.<\/p>\n<p>By the way, I&#8217;ve just updated my Docker build scripts for Oracle Databases as well as Oracle Unified Directory on <a href=\"https:\/\/github.com\/oehrlis\/docker\">GitHub<\/a> to use the latest release updates. Ok, I still haven&#8217;t improved the documentation, but at least the build scripts are up to date. 
\ud83d\ude42<\/p>\n<p>A few links related to this Critical Patch Update.<\/p>\n<ul>\n<li><a href=\"http:\/\/www.oracle.com\/technetwork\/topics\/security\/alerts-086861.html\">Critical Patch Updates and Security Alerts<\/a><\/li>\n<li><a href=\"https:\/\/www.oracle.com\/technetwork\/security-advisory\/cpujul2019-5072835.html\" target=\"_blank\" rel=\"noopener noreferrer\">Oracle Critical Patch Update Advisory &#8211; July 2019<\/a>.<\/li>\n<li>Critical Patch Update (CPU) Program July 2019 Patch Availability Document (PAD)<em>[<a href=\"https:\/\/support.oracle.com\/epmos\/faces\/DocumentDisplay?id=2534806.1\">2534806.1<\/a>]<\/em><\/li>\n<li>Information And Bug Listing of Oracle Unified Directory Bundle Patches: 12.2.1.3.x (12cR2PS3) Version<em>[<a href=\"https:\/\/support.oracle.com\/epmos\/faces\/DocumentDisplay?id=2385785.1\">2385785.1<\/a>]<\/em><\/li>\n<li>Information And Bug Listing of Oracle Unified Directory Bundle Patches: 11.1.2.3.x (11gR2PS3) Version<em>[<a href=\"https:\/\/support.oracle.com\/epmos\/faces\/DocumentDisplay?id=2067482.1\">2067482.1<\/a>]<\/em><\/li>\n<li>Patch Set Update (PSU) Release Listing for Oracle WebLogic Server (WLS)<em>[<a href=\"https:\/\/support.oracle.com\/epmos\/faces\/DocumentDisplay?id=1470197.1\">1470197.1<\/a>]<\/em><\/li>\n<li>All Java SE Downloads on MOS<em>[<a href=\"https:\/\/support.oracle.com\/epmos\/faces\/DocumentDisplay?id=1439822.1\">1439822.1<\/a>]<\/em><\/li>\n<li>Oracle Database and Oracle Unified Directory build scripts <a href=\"https:\/\/github.com\/oehrlis\/docker\" target=\"_blank\" rel=\"noopener noreferrer\">oehrlis\/docker<\/a><\/li>\n<li>Setup and initialisation scripts for Oracle environments <a href=\"https:\/\/github.com\/oehrlis\/oradba_init\" target=\"_blank\" rel=\"noopener noreferrer\">oehrlis\/oradba_init<\/a><\/li>\n<li><a href=\"https:\/\/www.trivadis.com\/en\/tvd-criticalpatchreporttm\">TVD-Critical Patch Report<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Recently, 
just in the middle of the summer holidays, Oracle has released the third Critical Patch Advisory for its products. It seems there&#8217;s a lot of work going on in Redwood Shores. Oracle has fixed about 319 security vulnerabilities across their products. The Oracle database is relatively prominently represented with 9 security vulnerabilities and a [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"A few notes on the latest @Oracle Critical Patch Advisory July 2019 #OrclDB #Security #Database","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[8,83,158,180,181,46,114,11,116],"tags":[130,111],"class_list":["post-3140","post","type-post","status-publish","format-standard","hentry","category-11gr2","category-12cr1","category-12cr2","category-18c","category-19c","category-cpu","category-psu-2","category-security","category-spu","tag-trivadis","tag-tvdsecexpert"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p1aErb-OE","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":2397,"url":"https:\/\/www.oradba.ch\/wordpress\/2017\/10\/oracle-cpu-psu-announcement-october-2017\/","url_meta":{"origin":3140,"position":0},"title":"Oracle CPU \/ PSU Announcement October 
2017","author":"Stefan","date":"18. October 2017","format":false,"excerpt":"The Oracle open world 2017 is over, the dust just settled down. A perfect time for Oracle to release the October critical patch advisory. With not less than 270 new security vulnerability fixes across the Oracle products it seems to be a rather huge update. From the DB perspective it\u2026","rel":"","context":"In &quot;11gR2&quot;","block_context":{"text":"11gR2","link":"https:\/\/www.oradba.ch\/wordpress\/category\/oracle-database\/11gr2\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2549,"url":"https:\/\/www.oradba.ch\/wordpress\/2018\/04\/oracle-cpu-psu-april-2018\/","url_meta":{"origin":3140,"position":1},"title":"Oracle CPU \/ PSU April 2018","author":"Stefan","date":"18. April 2018","format":false,"excerpt":"Oracle recently released the spring Critical Patch Advisory. It is the first critical patch update, which also includes fixes for Oracle 18c. Over all it includes 254 new security fixes across the product families. Overall a rather large update, although only a security vulnerability is patched for the Oracle databases.\u2026","rel":"","context":"In &quot;11gR2&quot;","block_context":{"text":"11gR2","link":"https:\/\/www.oradba.ch\/wordpress\/category\/oracle-database\/11gr2\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2815,"url":"https:\/\/www.oradba.ch\/wordpress\/2018\/10\/oracle-cpu-psu-advisory-october-2018\/","url_meta":{"origin":3140,"position":2},"title":"Oracle CPU \/ PSU Advisory October 2018","author":"Stefan","date":"22. October 2018","format":false,"excerpt":"Oracle has recently published the Critical Patch Update Advisory for the October 2018. It's once more quite a heavy update with not less than 301 security vulnerability fixes across the Oracle products. 
The Oracle database is relatively prominently represented with 3 security vulnerabilities and a maximal CVSS rating of 9.8.\u2026","rel":"","context":"In &quot;12R2&quot;","block_context":{"text":"12R2","link":"https:\/\/www.oradba.ch\/wordpress\/category\/oracle-database\/12r2\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2270,"url":"https:\/\/www.oradba.ch\/wordpress\/2017\/04\/oracle-cpu-psu-announcement-april-2017\/","url_meta":{"origin":3140,"position":3},"title":"Oracle CPU \/ PSU Announcement April 2017","author":"Stefan","date":"19. April 2017","format":false,"excerpt":"Last night Oracle released there new Critical Patch Update. From the DB perspective it is a rather small patch update. It just includes 2 fixes for security vulnerabilities on Oracle database 11.2.0.4 and 12.1.0.2. None of the vulnerabilities are remote exploitable without authentication but one fix is also for client\u2026","rel":"","context":"In &quot;11gR2&quot;","block_context":{"text":"11gR2","link":"https:\/\/www.oradba.ch\/wordpress\/category\/oracle-database\/11gr2\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1671,"url":"https:\/\/www.oradba.ch\/wordpress\/2014\/04\/oracle-cpu-psu-pre-release-announcement-april-2014\/","url_meta":{"origin":3140,"position":4},"title":"Oracle CPU \/ PSU Pre-Release Announcement April 2014","author":"Stefan","date":"11. April 2014","format":false,"excerpt":"Today Oracle has published the Pre-Release Announcement of the CPU Advisory for April 2014. This Critical Patch Update contains 103 new security vulnerability fixes for several Oracle products. There are only a few days since the publication of the vulnerability CVE-2014-0160 known as \"Heartbleed\". 
Therefore I assume, that this patch\u2026","rel":"","context":"In &quot;11gR1&quot;","block_context":{"text":"11gR1","link":"https:\/\/www.oradba.ch\/wordpress\/category\/oracle-database\/11gr1\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":788,"url":"https:\/\/www.oradba.ch\/wordpress\/2012\/05\/important-links-around-the-oracle-cpu-psu-april-2012\/","url_meta":{"origin":3140,"position":5},"title":"Important links around the Oracle CPU \/ PSU April 2012","author":"Stefan","date":"8. May 2012","format":false,"excerpt":"A few weeks ago oracle officially released the CPU \/ PSU Patches for April 2012. The Critical Patch Updates contains 88 security fixes across all products. But only 6 out of this 88 fixes are for Oracle databases. This post will summarize a bit the information and links around this\u2026","rel":"","context":"In &quot;Critical Patch Update&quot;","block_context":{"text":"Critical Patch Update","link":"https:\/\/www.oradba.ch\/wordpress\/category\/patches\/cpu\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/posts\/3140","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/comments?post=3140"}],"version-history":[{"count":1,"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/posts\/3140\/revisions"}],"predecessor-version":[{"id":3141,"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/posts\/3140\/revisions\/3141"}],"wp:attachment":[{"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/media?parent=3140"}],"wp:term":[{"taxonomy":"category","embeddable":true,"h
ref":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/categories?post=3140"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/tags?post=3140"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}