Oracle’s January 2013 CPU Update

Oracle’s January 2013 CPU Update

This week, Oracle released their quarterly Critical Patch Update (CPU) for January 2013. CPUs are collections of security updates, which fix vulnerabilities in a wide-range of Oracle products. This quarter’s updates fix 86 vulnerabilities in many different Oracle products and suites.

Refer to the table below for more details about the affected products and severity of the flaws:

Product or Suite Flaws Fixed (CVE) Max CVSS
Database Server (and Mobile) 6 10.0
Fusion Middleware 7 5.0
Enterprise Manager Grid Control 13 7.5
Virtual Box 1 2.4
E-Business Suite 9 6.4
Supply Chain Product Suite 1 2.1
MySQL 18 9.0
PeopleSoft Products 12 5.5
JD Edwards Products 1 3.5
Siebel CRM 10 5.0
Sun Product 8 6.6

Oracle’s advisory doesn’t describe every flaw in technical detail. However, they do describe the general impact of each issue, and share  CVSS severity ratings. While the severity of the 86 vulnerabilities differs greatly, some of them pose a pretty critical risk.

For instance, the updates for Oracle Database Server fix vulnerabilities with a CVSS score of 10—the highest possible severity rating. One of these flaws allows unauthenticated, remote attackers to potentially gain complete control of your Oracle database server. If you manage any of the affected Oracle products, you’ll want to
install the corresponding updates as soon as you can. You’ll find more details about these updates in the Patch Availably section of Oracle’s alert. — Corey Nachreiner, CISSP (@SecAdept)

Published with permission from WatchguardWire. Source.

Leave a comment!

You must be logged in to post a comment.