Oracle has recently released its critical patch update for the third quarter of 2018. This Oracle critical patch update has been a massive one as it addressed around 300 different security flaws. These include 47 highly severe vulnerabilities as well.
Oracle Critical Patch Update Addressed Hundreds Of Security Flaws Together
On October 16, 2018, Oracle has released its massive patch update for the Q3 2018. This scheduled Oracle critical patch update contains fixes for 301 different security flaws. These include 47 different high-rated severity bugs as well.
As disclosed in Oracle’s security advisory, the firm has released patches for multiple security flaws identified in different Oracle products. All these vulnerabilities have achieved different severity ratings. However, this CPU holds significant importance for the users as it contains patches for 45 security flaws having 9.8 severity ratings and one with 9.6 severity rating. Whereas, one such flaw has achieved a severity level of 10.0 (out of 10)!
The products affected by these vulnerabilities include Oracle Database Server, having one JavaVM vulnerability (CVE-2018-3259) with a base score of 9.8; Oracle Big Data Graph having Big Data Graph (Apache Groovy) vulnerability (CVE-2016-6814) with a base score of 9.6, and Oracle Communications Applications having three such vulnerabilities of 9.8 base score.
In addition to these, other products carrying multiple vulnerabilities of 9.8 ratings include Oracle Construction and Engineering Suite, Oracle Enterprise Manager Products Suite, Oracle Fusion Middleware, Oracle Insurance Applications, Oracle JD Edwards Products, Oracle MySQL, Oracle Retail Applications, Oracle Siebel CRM, and Oracle Sun Systems Products Suite.
Oracle Will Reveal Detailed Advisories Soon
Presently, Oracle hasn’t revealed much technical details regarding individual vulnerabilities and their impact on the affected products. They have only listed the CVE numbers and quick descriptions for the flaws alongside the affected Oracle tools. These details will, however, be available soon.
Oracle describes its CPU as “collection of patches for multiple security vulnerabilities” that it releases periodically to patch different bugs. Oracle releases the CPUs on a quarterly basis, in the months of January, April, July, and October. The release dates are the dates falling on Tuesdays nearing 17th of these months. Hence, the next scheduled Oracle CPU is due for January 15, 2019, followed by CPU releases on April 16, 2019, July 16, 2019, and October 15, 2019, respectively.