Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Supply Chain Security

Oracle Releases 370 New Security Patches With October 2022 CPU

Oracle on Tuesday announced the release of 370 patches as part of its quarterly set of security updates. The October 2022 Critical Patch Update (CPU) resolves over 50 critical-severity vulnerabilities.

More than 200 of the newly released security patches deal with vulnerabilities that are remotely exploitable without authentication.

Oracle on Tuesday announced the release of 370 patches as part of its quarterly set of security updates. The October 2022 Critical Patch Update (CPU) resolves over 50 critical-severity vulnerabilities.

More than 200 of the newly released security patches deal with vulnerabilities that are remotely exploitable without authentication.

Oracle Communications was the enterprise product to receive the largest number of new fixes, at 74. Of the resolved security defects, 64 can be exploited remotely without authentication and 19 were rated ‘critical severity’.

Fusion Middleware was the second most impacted application, with 56 new security patches, including 43 dealing with flaws that are remotely exploitable without authentication. Nine of the resolved issues are rated ‘critical’.

This month, MySQL received 37 new security patches (11 remotely exploitable, unauthenticated bugs), Retail Applications and Communications Applications each received 27 patches (21 remotely exploitable, unauthenticated issues each), and Financial Services Applications received 24 patches (16).

Oracle also released numerous patches for Siebel CRM (14 patches – 12 for vulnerabilities remotely exploitable without authentication), Supply Chain (13 – 9), JD Edwards (10 – 9), Virtualization (10 – 3), Java SE (9 – 9), PeopleSoft (8 – 4), Systems (8 – 4), and Database Server (8 – 1).

The Oracle CPU for October 2022 also brought patches for Communications Data Model, GoldenGate, Secure Backup, Commerce, Construction and Engineering, E-Business Suite, Enterprise Manager, HealthCare Applications, Hospitality Applications, Hyperion, Insurance Applications, and Utilities Applications.

Oracle products such as Airlines Data Model, Big Data Graph, NoSQL Database, SQL Developer, and TimesTen In-Memory Database received no new security patches, but the software giant rolled out third-party patches for them. Third-party patches were released for other products as well.

As usual, Oracle warns of malicious attempts to exploit unpatched vulnerabilities for which fixes are available, encouraging customers to install the available updates as soon as possible.

“In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay,” the company notes.

Related: Oracle Releases 349 New Security Patches With July 2022 CPU

Related: Oracle Releases 520 New Security Patches With April 2022 CPU

Related: Oracle’s First Security Updates for 2022 Include 497 Patches

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Vulnerabilities

Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.