Oracle has released its massive patch package for multiple security vulnerabilities.
The United States software maker Oracle releases its security updates every three months, which it referred to as "Critical Patch Updates" (CPU). Yesterday, Oracle released its second CPU-date of this year providing important updates that include a total of 104 vulnerabilities, the company has announced.
From the overall vulnerabilities, 37 security vulnerabilities impact Java SE and several of these flaws are so serious that it can be remotely exploited by a malicious malware to gain system access and execute arbitrary code with the privileges of a local user.
Successful exploitation also allows an attacker to manipulate certain local data on a system and can cause a DoS attack without the need of authentication credentials, which means the flaws can be exploited over a network without the need for a username and password to crashing an application or an entire system.
In the latest update, the vulnerability has been fixed
In addition to the Java SE, vulnerability has been fixed in each affected software product including:
- Oracle Database
- Fusion Middleware
- Access Manager
- Containers for J2EE
- Data Integrator
- Endeca Server
- Event Processing
- OpenSSO
- WebCenter Portal
- WebLogic Server
- Hyperion Common Admin
- E-Business Suite
- Agile PLM Framework
- Transportation Management
- PeopleSoft Enterprise
- Java SE, MySQL Server and others
Among the security updates, 4 out of 37 Java vulnerabilities are very serious that have been evaluated in the maximum rating of 10.0 in the CVSS (Common Vulnerability Scoring System) base score of common indicators risk, those must be considered as very critical.
CVE-IDs of 37 Serious Java Vulnerabilities:
- CVE-2013-6629
- CVE-2013-6954
- CVE-2014-0429
- CVE-2014-0432
- CVE-2014-0446
- CVE-2014-0448
- CVE-2014-0449
- CVE-2014-0451
- CVE-2014-0452
- CVE-2014-0453
- CVE-2014-0454
- CVE-2014-0455
- CVE-2014-0456
- CVE-2014-0457
- CVE-2014-0458
- CVE-2014-0459
- CVE-2014-0460
- CVE-2014-0461
- CVE-2014-0463
- CVE-2014-0464
- CVE-2014-1876
- CVE-2014-2397
- CVE-2014-2398
- CVE-2014-2401
- CVE-2014-2402
- CVE-2014-2403
- CVE-2014-2409
- CVE-2014-2410
- CVE-2014-2412
- CVE-2014-2413
- CVE-2014-2414
- CVE-2014-2420
- CVE-2014-2421
- CVE-2014-2422
- CVE-2014-2423
- CVE-2014-2427
- CVE-2014-2428
The users are advised to update their installations as soon as possible from Java website or using the Java Control Panel.
