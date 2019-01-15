Oracle addresses nearly 300 vulnerabilities in the first Critical Patch Update of 2019.
Background
On January 15, Oracle released its Critical Patch Update, a quarterly publication of fixes for vulnerabilities. This month's update contains nearly 300 fixes across a number of Oracle products.
Analysis
The Critical Patch Update for January 2019 addresses a variety of vulnerabilities. For instance, Oracle published 30 fixes for MySQL, including a fix for MySQL Workbench to address the libssh vulnerability (CVE-2018-10933). There are also several fixes for CVE-2017-5645, a deserialization vulnerability in Apache Log4j, as well as CVE-2016-1000031, the Apache Commons FileUpload Remote Code Execution vulnerability discovered by Tenable Research.
The following is the full list of products with vulnerabilities addressed in this month's release:
-
Oracle Database Server
-
Oracle Communications Applications
-
Oracle Construction and Engineering Suite
-
Oracle E-Business Suite
-
Oracle Enterprise Manager Products Suite
-
Oracle Financial Services Applications
-
Oracle Food and Beverage Applications
-
Oracle Fusion Middleware
-
Oracle Health Sciences Applications
-
Oracle Hospitality Applications
-
Oracle Hyperion
-
Oracle Insurance Applications
-
Oracle Java SE
-
Oracle JD Edwards Products
-
Oracle MySQL
-
Oracle PeopleSoft Products
-
Oracle Retail Applications
-
Oracle Siebel CRM
-
Oracle Sun Systems Products Suite
-
Oracle Supply Chain Products Suite
-
Oracle Support Tools
-
Oracle Utilities Applications
-
Oracle Virtualization
Solution
Customers are advised to apply all relevant patches provided by Oracle in this Critical Patch Update.
Identifying affected systems
A list of Nessus plugins to identify these vulnerabilities will appear here as they're released.
