Oracle on Tuesday announced 389 new security patches as part of its first Critical Patch Update (CPU) of 2024, including dozens that deal with critical-severity vulnerabilities.
SecurityWeek has identified over 200 unique CVEs in Oracle’s January 2024 CPU. More than 200 security patches resolve bugs that can be exploited by remote, unauthenticated attackers.
This month, Financial Services Applications was the most impacted product, receiving 71 new security patches, including 54 for vulnerabilities that can be exploited remotely without authentication.
Numerous security patches were also released for Communications (55 patches – 43 for remotely exploitable, unauthenticated flaws), Communications Applications (43 – 25), MySQL (40 – 12), and Fusion Middleware (39 – 29).
Oracle’s January 2024 CPU includes updates for E-Business Suite (19 patches – 14 for vulnerabilities exploitable remotely, without authentication), Analytics (17 – 11), Java SE (13 – 11), Enterprise Manager (12 – 11), Hyperion (11 – 10), JD Edwards (9 – 6), Systems (9 – 3), and for a dozen other products.
As usual, the patches for some of these vulnerabilities address additional security holes as well. The CPU also includes fixes for multiple non-exploitable flaws.
Some of the bugs impact multiple applications and Oracle released separate security patches for each of the affected products.
The tech giant urges all customers to apply the patches as soon as possible, warning that it periodically receives reports of in-the-wild exploitation of issues for which it has released fixes.
“Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update security patches as soon as possible,” the company notes.
On Tuesday, Oracle also published a new bulletin to describe the vulnerabilities resolved in Oracle Linux over the past two months, and a Solaris Third Party bulletin, with details on patches for third party software distributed with Oracle Solaris.
For 2024, Oracle plans to release three more Critical Patch Updates, on the third Tuesday of April, July, and October.
Related: Oracle Patches 185 Vulnerabilities With October 2023 CPU
Related: Oracle Releases 508 New Security Patches With July 2023 CPU
Related: Oracle Releases 433 New Security Patches With April 2023 CPU
