Oracle's quarterly patch bundle includes 402 bug fixes, many critical

Oracle has released this year's final batch of security updates, fixing many high-severity vulnerabilities across a range of products. In total, the batch addresses 402 issues, 230 of which are critical flaws.

In a follow-up advisory, the company said that many of the vulnerabilities were being exploited in the wild and urged its customers to deploy patches as soon as possible.

"In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches," the advisory reads.

"Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay."

You can find the full list of products affected by these vulnerabilities here, with notable mentions including Oracle Enterprise Manager, Big Data Spatial and Graph, MySQL Cluster, Enterprise Monitor, Server and Workbench.

According to Oracle, a handful of vulnerabilities can be exploited without extra privileges, including multiple in Oracle TimesTen In-Memory Database (CVE-2018-11058, CVE-2017-5645, CVE-2019-1010239 and CVE-2019-0201).

Customers who are unable to deploy patches immediately are advised to implement workarounds in the meantime.

"Until you apply the Critical Patch Update patches, it may be possible to reduce the risk of successful attack by blocking network protocols required by an attack," Oracle suggested.