Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Supply Chain Security

Oracle Releases 370 New Security Patches With October 2022 CPU

Oracle on Tuesday announced the release of 370 patches as part of its quarterly set of security updates. The October 2022 Critical Patch Update (CPU) resolves over 50 critical-severity vulnerabilities.

More than 200 of the newly released security patches deal with vulnerabilities that are remotely exploitable without authentication.

Oracle on Tuesday announced the release of 370 patches as part of its quarterly set of security updates. The October 2022 Critical Patch Update (CPU) resolves over 50 critical-severity vulnerabilities.

More than 200 of the newly released security patches deal with vulnerabilities that are remotely exploitable without authentication.

Oracle Communications was the enterprise product to receive the largest number of new fixes, at 74. Of the resolved security defects, 64 can be exploited remotely without authentication and 19 were rated ‘critical severity’.

Fusion Middleware was the second most impacted application, with 56 new security patches, including 43 dealing with flaws that are remotely exploitable without authentication. Nine of the resolved issues are rated ‘critical’.

This month, MySQL received 37 new security patches (11 remotely exploitable, unauthenticated bugs), Retail Applications and Communications Applications each received 27 patches (21 remotely exploitable, unauthenticated issues each), and Financial Services Applications received 24 patches (16).

Oracle also released numerous patches for Siebel CRM (14 patches – 12 for vulnerabilities remotely exploitable without authentication), Supply Chain (13 – 9), JD Edwards (10 – 9), Virtualization (10 – 3), Java SE (9 – 9), PeopleSoft (8 – 4), Systems (8 – 4), and Database Server (8 – 1).

The Oracle CPU for October 2022 also brought patches for Communications Data Model, GoldenGate, Secure Backup, Commerce, Construction and Engineering, E-Business Suite, Enterprise Manager, HealthCare Applications, Hospitality Applications, Hyperion, Insurance Applications, and Utilities Applications.

Oracle products such as Airlines Data Model, Big Data Graph, NoSQL Database, SQL Developer, and TimesTen In-Memory Database received no new security patches, but the software giant rolled out third-party patches for them. Third-party patches were released for other products as well.

Advertisement. Scroll to continue reading.

As usual, Oracle warns of malicious attempts to exploit unpatched vulnerabilities for which fixes are available, encouraging customers to install the available updates as soon as possible.

“In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay,” the company notes.

Related: Oracle Releases 349 New Security Patches With July 2022 CPU

Related: Oracle Releases 520 New Security Patches With April 2022 CPU

Related: Oracle’s First Security Updates for 2022 Include 497 Patches

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

The US arm of networking giant TP-Link has appointed Adam Robertson as Director of Information and Security.

Cyber exposure management firm Armis has promoted Alex Mosher to President.

Software giant Atlassian has named David Cross as its new CISO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.