{ "file_item": { "filepath": "security-advisories", "filename": "CERT-EU-SA2018-027.pdf" }, "title": "Multiple Vulnerabilities in Oracle Products", "serial_number": "2018-027", "publish_date": "19-10-2018 13:37:00", "description": "On 16th of October 2018, Oracle released a critical patch bundle that addresses several security vulnerabilities. The patch contains 301 new fixes since the last patch. The addressed vulnerabilities affect many Oracle products including among others Oracle Database, Oracle Communications, Enterprise Manager, Fusion Middleware, Java, MySQL, Retail Applications, Peoplsoft, and others.", "url_title": "2018-027", "content_markdown": "---\ntitle: 'Multiple Vulnerabilities in\u00a0Oracle\u00a0Products'\nversion: '1.0'\nnumber: '2018-027'\ndate: 'October 19, 2018'\n---\n\n_History:_\n\n* _19/10/2018 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn 16th of October 2018, Oracle released a critical patch bundle that addresses several security vulnerabilities. The patch contains 301 new fixes since the last patch. The addressed vulnerabilities affect many Oracle products including among others Oracle Database, Oracle Communications, Enterprise Manager, Fusion Middleware, Java, MySQL, Retail Applications, Peoplsoft, and others.\n\n# Technical Details\n\nThe vulnerabilities affect a large number of Oracle products that can be potentially exploited. In most of the listed vulnerabilities the adversary can exploit various protocols remotely without prior authentication [1]. The patches are cumulative. That means, it is only a complementary update to the systems since the previous update.\n\n# Versions Affected\n\nPlease refer to the Oracle's Critical Patch Update Advisory - October 2018 [1].\n\n# Recommendations\n\n1. Depending on your Oracle software, address all the previous patch releases [2].\n2. Apply the missing patches as soon as possible .\n\n# References\n\n[1]\t\n\n[2] \n", "content_html": "

History:

Summary

On 16th of October 2018, Oracle released a critical patch bundle that addresses several security vulnerabilities. The patch contains 301 new fixes since the last patch. The addressed vulnerabilities affect many Oracle products including among others Oracle Database, Oracle Communications, Enterprise Manager, Fusion Middleware, Java, MySQL, Retail Applications, Peoplsoft, and others.

Technical Details

The vulnerabilities affect a large number of Oracle products that can be potentially exploited. In most of the listed vulnerabilities the adversary can exploit various protocols remotely without prior authentication [1]. The patches are cumulative. That means, it is only a complementary update to the systems since the previous update.

Versions Affected

Please refer to the Oracle's Critical Patch Update Advisory - October 2018 [1].

Recommendations

  1. Depending on your Oracle software, address all the previous patch releases [2].
  2. Apply the missing patches as soon as possible .

References

[1] https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

[2] https://www.oracle.com/technetwork/topics/security/alerts-086861.html

", "licence": { "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)", "link": "https://creativecommons.org/licenses/by/4.0/", "restrictions": "https://cert.europa.eu/legal-notice", "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies" } }