14 DAY TRIAL // Oracle has released its Critical Patch Update (CPU) for January 2014. The latest CPU fixes a total of 144 vulnerabilities, many of which can be exploited remotely.
Products such as MySQL Enterprise Monitor and Server, Database, Fusion Middleware, Enterprise Data Quality, Forms and Reports, Portal, Outside in Technology, GlassFish Server, HTTP Server, iPlanet, Reports Developer, VM VirtualBox, Siebel, Solaris, Identity Manager, Internet Directory, and E-Business Suite are impacted.
The January 2014 CPU also addresses a total of 36 vulnerabilities affecting Java SE components, such as Java SE, Java SE Embedded, JavaFX and JRockit. 34 of the security holes can be exploited remotely without authentication.
A large number of security researchers have been credited for finding the flaws fixed with the latest CPU.
The list includes Adam Willard of Foreground Security, Arseniy Akuney of TELUS Security Labs, Borked of the Google Security Team, Christopher Meyer of Ruhr-University Bochum, Fernando Muñoz, Joseph Sheridan of Reactionis, Matthew Daley, Oliver Gruskovnjak of Portcullis, Tanel Poder, Will Dormann of CERT/CC, and Yuki Chen of Trend Micro.
Users are advised to apply the patches as soon as possible. Oracle’s next CPU is scheduled for April 15, 2014.