Oracle has published its scheduled release of product updates (Critical Patch Update), aimed at eliminating critical issues and vulnerabilities. The January update fixes 337 vulnerabilities.
Some of the issues:
- 11 security issues in Java SE. All vulnerabilities in Java SE can be exploited remotely without authentication and affect environments that allow the execution of untrusted code. The most dangerous issues in Java SE have a severity level of 7.5 and affect JavaFX (WebKitGTK, libxslt), AWT and security. The vulnerabilities have been resolved in the Java SE 25.0.2, 21.0.10, 17.0.18, 11.0.30 and 8u481 releases.
- 14 vulnerabilities in the MySQL server, two of which can be exploited remotely. The most serious problem has a critical severity level (9.8) and is present in the official Docker image with MySQL. Less severe vulnerabilities affect OpenSSL, InnoDB, the optimizer, DDL, the parser, Pluggable Auth and Thread Pooling. The issues are resolved in MySQL Community Server 9.6.0 and 8.0.45.
- 14 vulnerabilities in VirtualBox, five of which are marked as dangerous (8.2 out of 10). One of the vulnerabilities can be exploited remotely. Details about the nature of the vulnerabilities are not disclosed. The issues will be fixed in the VirtualBox 7.2.6 release, expected within a day.
- 4 vulnerabilities in Solaris that affect drivers, the kernel and the file system (maximum danger level 5.8 out of 10). The vulnerabilities are fixed in the Solaris 11.4 SRU89 update. The new version of Solaris also includes updated versions of the Wireshark 4.6.2, Firefox 140.6.0esr, Thunderbird 140.6.0esr, Unbound 1.24.2, Apache httpd 2.4.66, OpenSSH 10.2, Django 5.2.9 and squid 7.3 packages.