Oracle’s Recent October 2019 Critical Patch Update: What’s included and what you need to know!
By Adrian Ashley
On 03 December 2019
What is it?
Each quarter, Oracle releases a Critical Patch Update (CPU) bundle with a multitude of important patches, ranging from bug fixes to security fixes. Data Intensity recommends that all customers apply these fixes on a regular cadence to reduce risk and help keep their environments secure and stable.
What’s important in this release?
Our evaluation of the October 2019 CPU identified some very important fixes.
- 219 vulnerabilities, in addition to previously released patches, across the Oracle product range. (Should be applied as soon as possible.)
- 42% open-source components used within Oracle products (e.g. Oracle HTTP Server uses Apache)
- 38% non-Oracle vulnerabilities
- 49 rated high or critical by CVSS score (between 7 and 10)
- Database
  - 10 new vulnerabilities (highest of which scores 6.8 – Medium)
- Enterprise Manager/Grid Control
  - 7 new vulnerabilities, 5 of which are remotely exploitable without authentication (highest score is 9.8 out of 10!)
- Fusion Middleware
  - 37 new vulnerabilities, 31 of which are remotely exploitable without authentication (highest score is 9.8 out of 10!)
  - Note: Fusion Middleware is often exposed to the internet, so it is often the highest risk. WebLogic is also often embedded in other Oracle products, so these may be vulnerable too; for example, Oracle Enterprise Manager, Oracle Exadata and Oracle VM Manager all have upgrades released to address these vulnerabilities.
- Oracle E-Business Suite
  - 10 new vulnerabilities, all 10 of which are remotely exploitable with authentication (highest score is 8.2 – Medium). The majority of the vulnerabilities are related to non-core products, e.g. Oracle Marketing and Telephony.
- MySQL: 34 new security fixes