14 DAY TRIAL // Oracle has released its critical patch update (CPU) for October 2013. A total of 127 security holes have been addressed, 51 of which impact Java.
The fixed vulnerabilities impact products from the following families: Database, Middleware, Enterprise Manager, E-Business Suite, Oracle Supply Chain, PeopleSoft, Siebel, iLearning, Oracle Health Sciences, FLEXCUBE, Sun Systems, Primavera, Linux and Virtualization, Java SE and MySQL.
Since there are a large number of vulnerabilities, the list of researchers credited for finding them is also long. It includes Adam Gowdiak of Security Explorations, Adi Ludmer of McAfee Labs, Alexey Tyurin of ERPScan, Anagha Devale-Vartak of AVsecurity.in, Chris Ries via the Exodus Intelligence Program, James Forshaw of Context Information Security, and Tom Parker of Orion Health.
One of the Java vulnerabilities fixed in the October 2013 CPU was identified in July by Security Explorations. Today, the company has published the technical details for the security hole, which they’ve dubbed “issue 69.”
The next CPU is scheduled for 14 January 2014.