www.itnews.com.au
Open in
urlscan Pro
203.176.102.69
Public Scan
URL:
https://www.itnews.com.au/news/oracle-issues-mammoth-patch-collection-601396
Submission: On October 19 via api from TR — Scanned from AU
Submission: On October 19 via api from TR — Scanned from AU
Form analysis 1 forms found in the DOM
POST /news/oracle-issues-mammoth-patch-collection-601396
<form id="frm-login" action="/news/oracle-issues-mammoth-patch-collection-601396" method="post">
<h3 class="section-header"><span>Log In</span></h3>
<div id="login-form-register"><a href="/register">Don't have an account? Register now!</a></div>
<div id="login-validation"></div>
<div id="login-response"></div>
<div class="form-label email-login">Email:</div>
<div class="form-input"><input id="username" name="username" type="text" required=""></div>
<div class="form-label password-login">Password:</div>
<div class="form-input"><input id="password" name="password" type="password" required=""></div>
<div class="row form-checkbox">
<input id="rememberMe" name="rememberMe" type="checkbox"><label for="rememberMe">Remember me</label><span> | <a href="/forgot" title="Forgot your password?">Forgot your password?</a></span>
</div>
</form>Text Content
Latest News MICROSOFT PITCHES GLASS AS ETERNAL STORAGE MEDIUM SEVEN TURNS AI TO AD TARGETING ON 7PLUS PLATFORM NBN CO IS NOW UPGRADING 5000 PREMISES A WEEK TO FTTP ORACLE ISSUES MAMMOTH PATCH COLLECTION CRITICAL CITRIX NETSCALER BUG NEEDS MORE THAN PATCHES * Australia Edition * Asia Edition LOG IN SUBSCRIBE Search BUSINESS CLOUD DATA CENTRE EDUCATION FINANCE HARDWARE HEALTHCARE INDUSTRIAL NETWORKING PROJECTS SOFTWARE STORAGE STRATEGY TECHNOLOGY TELCO/ISP State of Security State of Sustainability State of IT Focal Points MEDIA HUB PARTNER CONTENT PARTNER HUBS RESEARCH * NEWS * GOVERNMENT * SECURITY * REPORTS * RESOURCES * PODCAST * BENCHMARKS NEWS BUSINESS CLOUD DATA CENTRE EDUCATION FINANCE HARDWARE HEALTHCARE INDUSTRIAL NETWORKING PROJECTS SOFTWARE STORAGE STRATEGY TECHNOLOGY TELCO/ISP GOVERNMENT SECURITY REPORTS State of Security State of Sustainability State of IT RESOURCES Focal Points MEDIA HUB PARTNER CONTENT PARTNER HUBS RESEARCH PODCAST BENCHMARKS Australia Edition Asia Edition LOG IN Email: Password: Remember me | Forgot password? Don't have an account? Register now! * Home * News * Technology * Security ORACLE ISSUES MAMMOTH PATCH COLLECTION By Richard Chirgwin Oct 19 2023 11:45AM MOSTLY FIXING THIRD-PARTY UTILITIES. Oracle’s quarterly patch release fixes an eye-watering 387 security vulnerabilities, but only 14 of them are rated critical (with a CVSS score greater than 9). A critical Apache Commons ByteCode engineering library (BCEL) bug affects the company’s Communications Applications. CVE-2023-34462 is an API bug that gives an attacker control over the bytecode produced by the library, and was first disclosed in July 2022. The bug also affects PeopleSoft, Communications, Insurance Applications, Retail Applications, Utilities Applications, and Fusion Middleware. Oracle Communications inherits a critical bug in OpenSSH, CVE-2023-38408, patched by the project in in September 2023; another in PHP patched in August, CVE-2023-3824; and CVE-2022-36944, a deserialisation bug in Scala. Oracle Financial Services Applications gets fixes for three critical bugs: CVE-2023-22946 in Apache Spark (also fixed in Oracle Analytics), CVE-2022-1471 in SnakeYaml (also fixed in Retail Applications, Financial Services, and Banking), and CVE-2023-20873 in Spring Boot. Among its eight fixes, the company’s Fusion middleware has three critical bugs in its core component: CVE-2023-22069, CVE-2023-22072, and CVE-2023-22089, all described as “easily exploited” vulnerabilities allowing an attacker to compromise the WebLogic server. Oracle Analytics inherits two further bugs from the Apache project: CVE-2022-26612 in the Hadoop unTar function; and CVE-2022-33980 in the Apache Commons configuration utility. Hyperion inherits yet another Apache bug: CVE-2023-25690, a web request smuggling vulnerability in the project’s HTTP server. Finally, a Spring security bug, CVE-2023-34034, shows up in MySQL and Communications. Oracle's critical patch update is here. Got a news tip for our journalists? Share it with us anonymously here. Copyright © iTnews.com.au . All rights reserved. Tags: apacheopensshoraclesecurityspring RELATED ARTICLES * Critical Citrix NetScaler bug needs more than patches * Five Eyes intelligence chiefs warn on China's 'theft' of intellectual property * Super SA discloses third-party data breach * Google researchers spot WinRAR exploits in the wild PARTNER CONTENT Promoted Content How to create seamless customer journeys with generative AI Partner Content Robust identity management bolsters security and boosts revenues in higher education As transformation accelerates, sustainability has never been more important Partner Content Australian organisations lack the 'data smartness' which could help them reduce emissions, improve productivity SPONSORED WHITEPAPERS The Healthcare CISO’s Guide to Medical IoT Security The Enterprise Buyer's Guide to IoT Security. 5 Must-Haves for Comprehensive Zero Trust IoT Security How to reach the ‘Holy Grail’ of security and performance with SASE Unveiling the Invisible Threat: Mastering the Art of Conveying Cyber Risks to Boards Transforming Your Business EVENTS * Forrester Technology & Innovation APAC 2023 MOST READ ARTICLES QLD GOV INTRODUCES DATA BREACH NOTIFICATION LEGISLATION NATIONAL CYBER SECURITY COORDINATOR WARNS SCHOOLS BECOMING TARGETS CISCO WARNS OF CRITICAL IOS VULNERABILITY BEING EXPLOITED MICROSOFT IDENTIFIES "ORO0LXY" AS CONFLUENCE ATTACKER Please enable JavaScript to view the comments powered by Disqus. DIGITAL NATION State of Security 2023 How eBay uses interaction analytics to improve CX More than half of loyalty members concerned about their data Health tech startup Kismet raises $4m in pre-seed funding COVER STORY: What AI regulation might look like in Australia Sponsored Links * Rittal All-in-one Micro Data Centre Solutions for all on-premise applications – Rack, Power, Cooling, Security & Monitoring. MOST POPULAR TECH STORIES * STATE OF SECURITY 2023 COVER STORY: SUSTAINABILITY AND AI, A PROMISING PARTNERSHIP OR AN ENVIRONMENTAL GREY AREA? FYAI: WHAT IS AN AI HALLUCINATION AND HOW DOES IT IMPACT BUSINESS LEADERS? CASE STUDY: WARREN AND MAHONEY ADOPTS DIGITAL TOOLS TO REDUCE ITS CARBON FOOTPRINT CRICKET AUSTRALIA AUTOMATES EXPERIENCES FOR FANS AND PLAYERS * PRIVACY LAWS ON AGENDA AT CRN CHANNEL MEETS MELBOURNE VERSENT ACCEPTS TELSTRA ACQUSITION OFFER STATE OF SECURITY 2023 QLD GOV INTRODUCES DATA BREACH NOTIFICATION LEGISLATION MICROSOFT PASSES RESPONSIBILITY OF SYDNEY'S D365 GROUP TO DISTRIBUTOR DICKER DATA * RIGHT TO REPAIR: LARGE SCALE IT BUYERS CAN INFLUENCE PRODUCT DESIGN... AND THEY SHOULD SHIVERING IN SUMMER? SWEATING IN WINTER? YOUR BUILDING IS LIVING A LIE BUILDING A MODERN WORKPLACE FOR A REMOTE WORKFORCE VENOM BLACKBOOK ZERO 15 PHANTOM HOW LONG WILL A UPS KEEP YOUR COMPUTERS ON IF THE LIGHTS GO OUT? * SAMSUNG, WHIRLPOOL BANK ON SMART FRIDGE RENAISSANCE WHEN MINUTES SAVE LIVES: IOT DELIVERS EARLIER FLOOD WARNINGS HOW SYDNEY OLYMPIC PARK IS SETTING THE PACE ON DIGITAL TRANSPARENCY ANNOUNCING THE 2022-23 IOT AWARDS FINALISTS A SELF-MANAGING SMART BIN FOR EWASTE Contact Us About Us Feedback Advertise Newsletter Archive Site Map RSS © 2023 nextmedia Pty Ltd. OTHER TECH SITES: BIT | CRN Australia | Digital Nation | IoT Hub All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation. Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions. Powered By Accept By using our site you accept that we use and share cookies and similar technologies to perform analytics and provide content and ads tailored to your interests. By continuing to use our site, you consent to this. Please see our Cookie Policy for more information. Close LOG IN Don't have an account? Register now! Email: Password: Remember me | Forgot your password? Log InCancel