Oracle addresses nearly 300 vulnerabilities in the first Critical Patch Update of 2019.
On January 15, Oracle released its Critical Patch Update, a quarterly publication of fixes for vulnerabilities. This month’s update contains nearly 300 fixes across a number of Oracle products.
The Critical Patch Update for January 2019 addresses a variety of vulnerabilities. For instance, Oracle published 30 fixes for MySQL, including a fix for MySQL Workbench to address the libssh vulnerability (CVE-2018-10933). There are also several fixes for CVE-2017-5645, a deserialization vulnerability in Apache Log4j, as well as CVE-2016-1000031, the Apache Commons FileUpload Remote Code Execution vulnerability discovered by Tenable Research.
The following is the full list of products with vulnerabilities addressed in this month’s release:
- Oracle Database Server
- Oracle Communications Applications
- Oracle Construction and Engineering Suite
- Oracle E-Business Suite
- Oracle Enterprise Manager Products Suite
- Oracle Financial Services Applications
- Oracle Food and Beverage Applications
- Oracle Fusion Middleware
- Oracle Health Sciences Applications
- Oracle Hospitality Applications
- Oracle Hyperion
- Oracle Insurance Applications
- Oracle Java SE
- Oracle JD Edwards Products
- Oracle MySQL
- Oracle PeopleSoft Products
- Oracle Retail Applications
- Oracle Siebel CRM
- Oracle Sun Systems Products Suite
- Oracle Supply Chain Products Suite
- Oracle Support Tools
- Oracle Utilities Applications
- Oracle Virtualization
Customers are advised to apply all relevant patches provided by Oracle in this Critical Patch Update.
Identifying affected systems
A list of Nessus plugins to identify these vulnerabilities will appear here as the plugins are released.
Update January 17: Tenable.io Container Security offers coverage for Oracle Java, Oracle MySQL, Oracle WebLogic and Oracle RDBMS.
Get more information
- Oracle Critical Patch Update - January 2019
- libssh Vulnerable to Authentication Bypass (CVE-2018-10933)
- Tenable Research Advisory for Apache Commons FileUpload (CVE-2016-1000031)