Updates for Java SE, MySQL, VirtualBox and other Oracle products with vulnerability fixes

19 January

Oracle has published its scheduled product updates (Critical Patch Update), aimed at eliminating critical problems and vulnerabilities. The January update fixes a total of 497 vulnerabilities.

Some problems:

  • 17 security problems in Java SE. All of the vulnerabilities can be exploited remotely without authentication and affect environments that allow execution of untrusted code. The problems have a moderate severity level: 16 vulnerabilities are assigned a severity level of 5.3, and one is assigned 3.7. The problems affect the 2D subsystem, HotSpot VM, serialization, JAXP, ImageIO and various libraries. The vulnerabilities are fixed in the Java SE 17.0.2, 11.0.13 and 8u311 releases.
  • 30 vulnerabilities in the MySQL server, of which one can be exploited remotely. The most serious problems, which are related to the use of the cURL package and the operation of the optimizer, are assigned severity levels 7.5 and 7.1. Less dangerous vulnerabilities affect the optimizer, InnoDB, encryption, DDL, stored procedures, the privilege system, replication, the parser and data schemas. The problems are fixed in the MySQL Community Server 8.0.28 and 5.7.37 releases.
  • 2 vulnerabilities in VirtualBox. The problems are assigned severity levels 6.5 and 3.8 (the second vulnerability manifests only on the Windows platform). The vulnerabilities are fixed in the VirtualBox 6.1.32 update.
  • 5 vulnerabilities in Solaris. The problems affect the kernel, the installer, the file system, libraries and failure tracking. The problems are assigned severity levels of 6.5 and below. The problems are fixed in the Solaris 11.4 SRU41 update.
  • Work to eliminate vulnerabilities in the Log4j 2 library in Oracle products. In total, 33 vulnerabilities were fixed that were caused by problems in Log4j 2 and that appeared in products such as Oracle WebLogic Server, Oracle WebCenter Portal, Oracle Business Intelligence Enterprise Edition, Oracle Communications Diameter Signaling Router, Oracle Communications Interactive Session Recorder, Oracle Communications Service Broker, Oracle Communications Services Gatekeeper, Oracle Communications WebRTC Session Controller, Primavera Gateway, Primavera P6 Enterprise Project Portfolio Management, Primavera Unifier, Instantis EnterpriseTrack, Oracle Financial Services Analytical Applications Infrastructure, Oracle Financial Services Model Management and Governance, Oracle Managed File Transfer, Oracle Retail *, Siebel UI Framework and Oracle Utilities Testing Accelerator.
/Media reports.