Skip to main content

Oracle's quarterly patch bundle includes 402 bug fixes, many critical

(Image credit: Image Credit: Ken Wolter / Shutterstock)

Oracle has released this year's final batch of security updates (opens in new tab), fixing many high-severity vulnerabilities across a range of products. In total, the batch addresses 402 issues, 230 of which address critical flaws.

In a follow-up advisory, the company said that many of the vulnerabilities were being exploited in the wild and urged its customers to deploy patches as soon as possible.

"In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches,” the advisory reads (opens in new tab).

“Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay."

You can find the full list of products affected by these vulnerabilities here (opens in new tab), with notable mentions including Oracle Enterprise Manager, Big Data Spatial and Graph, MySQL Cluster, Enterprise Monitor, Server and Workbench.

According to Oracle, a handful of vulnerabilities can be exploited without extra privileges, including multiple in Oracle TimesTen In-Memory Database (CVE-2018-11058, CVE-2017-5645, CVE-2019-1010239 and CVE-2019-0201).

Those that are unable to deploy patches immediately are advised to implement workarounds in the meantime.

"Until you apply the Critical Patch Update patches, it may be possible to reduce the risk of successful attack by blocking network protocols required by an attack,” Oracle (opens in new tab)suggested.

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.