Oracle Patch Update July 2016 (Database Server)

Oracle released its latest Critical Patch Update for Database Server yesterday (19/7). This Critical Patch Update includes seven new security fixes for Oracle Database, affecting the following supported versions:

  • Oracle Database Server 11.2.0.4
  • Oracle Database Server 12.1.0.1
  • Oracle Database Server 12.1.0.2

Importantly, three of these vulnerabilities may be exploitable remotely without authentication, meaning they may be exploited over a network without the need for username and password credentials. These are CVE-2016-3506, CVE-2016-347 and CVE-2015-0204, which relate to the JDBC, Portable Clusterware and core RDBMS components respectively. The highest-scoring vulnerability, CVE-2016-3609, is for Oracle’s JVM and is rated 9.0 (Windows OS). In addition, there are a couple of exploits associated with Application Express.

Please see the full Oracle advisory here http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixDB