For July, Oracle is releasing a huge security update with fixes for 89 different bugs. Nearly every enterprise that uses Oracle software will need to apply the updates as soon as possible.
Computerworld’s Jeremy Kirk reported, “Oracle said on Tuesday that its monthly round of patches for July includes 89 fixes, 27 of which address remotely exploitable vulnerabilities in four widely used products. The most serious, remotely exploitable vulnerabilities affect the Oracle Database, its Fusion Middleware, the Oracle and Sun Systems Product Suite, and the MySQL database, wrote Eric P. Maurice, director of Oracle Software Security Assurance.”
The Inquirer’s Lee Bell noted, “Out of the 89 security fixes included with this update, the firm said six are for Oracle Database, with one of the vulnerabilities being remotely exploitable without authentication.”
The Register quoted Tripwire security researcher Craig Young, who said, “The constant drumbeat of critical Oracle patches is more than a little alarming particularly because the vulnerabilities are frequently reported by third parties who presumably do not have access to full source code. This month’s Critical Patch Update credits 18 different researchers coming from more than a dozen different companies.”
eSecurity Planet also quoted Young, who added, “By my count, Oracle has already acknowledged and fixed 343 security issues in 2013. In case there was any doubt, this should be a big red flag to end users that Oracle’s security practices are simply not working.”