37 of the security fixes included in the update are for Java SE

Apr 16, 2014 10:40 GMT

Oracle has released its Critical Patch Update (CPU) for April 2014. A total of 104 security fixes are included in the latest update, the company has announced.

The list of affected products includes Database, Fusion Middleware, Access Manager, Containers for J2EE, Data Integrator, Endeca Server, Event Processing, OpenSSO, WebCenter Portal, WebLogic Server, Hyperion Common Admin, E-Business Suite, Agile PLM Framework, Transportation Management, PeopleSoft Enterprise, Java SE, MySQL Server and others.

Unsurprisingly, many of the vulnerabilities impact Java SE. Of the 37 Java SE security holes, 35 can be exploited remotely by an attacker without authentication credentials.

The patches for many of the products are cumulative, which means that they include all the fixes from previous CPUs as well.

The vulnerabilities fixed with the April 2014 CPU have been reported by Andrea Micalizzi (rgod), Borked of the Google Security Team, Christopher Meyer of Ruhr-University Bochum, Ilja van Sprundel of ioactive.com, Jörg Delker, the Red Hat Security Response Team, Timo Warns, Yuki Chen of Trend Micro, and many others.

Oracle advises customers to update their installations as soon as possible. The next update is scheduled for July 15, 2014.

For additional details, check out the Oracle Critical Patch Update Advisory for April 2014.