Oracle released the last quarterly edition of this year’s Critical Patch Update. The update contains patches for 334 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families, including third-party components in Oracle products.
In this quarterly Oracle Critical Patch Update, Oracle Communications received the highest number of patches, 100 constituting about 30% of the total patches released. Oracle MySQL and Oracle Fusion Middleware followed, with 45 and 32 security patches, respectively.
244 of the 334 security patches provided by the October Critical Patch Update (about 73%) are for non-Oracle CVEs, such as open-source components included and exploitable in the context of their Oracle product distributions. This batch of security patches contains 26 updates for Oracle Database products. The following is the product-wise distribution:
- Six new security updates for Oracle Database Server with a maximum reported CVSS Base Score of 5.3.
- One of these updates applies to client-only deployments of the Oracle Database.
- Three new security updates for Oracle Application Express with a maximum reported CVSS Base Score of 6.3.
- Seven new security updates for the Oracle Blockchain Platform with a maximum reported CVSS Base Score of 7.5.
- One new security update for Oracle Essbase with a maximum reported CVSS Base Score of 6.5.
- Four new security updates for Oracle GoldenGate with a maximum reported CVSS Base Score of 5.3.
- One new security update for Oracle NoSQL Database with a maximum reported CVSS Base Score of 4.3.
- Two new security updates for Oracle Secure Backup with a maximum reported CVSS Base Score of 7.5.
- One new security update for Oracle SQL Developer with a maximum reported CVSS Base Score of 5.9.
In these security updates, Oracle has covered product families, including Oracle Database Server, Oracle Application Express, Oracle Blockchain Platform, Oracle Essbase, Oracle GoldenGate, Oracle NoSQL Database, Oracle Secure Backup, Oracle SQL Developer, Oracle Commerce, Oracle Communications Applications, Oracle Communications, Oracle E-Business Suite, Oracle Enterprise Manager, Oracle Financial Services Applications, Oracle Food and Beverage Applications, Oracle Fusion Middleware, Oracle Analytics, Oracle Hospitality Applications, Oracle Hyperion, Oracle Java SE, Oracle MySQL, Oracle PeopleSoft, Oracle Retail Applications, Oracle Siebel CRM, Oracle Supply Chain, Oracle Systems, Oracle Utilities Applications, Oracle Virtualization.
