Oracle on Tuesday announced the release of its first Critical Patch Update for 2023, which includes 327 new security patches. More than 70 fixes address critical-severity vulnerabilities.
Over 200 of the patches resolve security defects that can be exploited remotely without authentication. Some of the resolved bugs impact multiple products.
The highest number of new fixes was released by the tech giant for Oracle Communications, at 79. Of these, 63 vulnerabilities are remotely exploitable without authentication and 19 have a ‘critical severity’ rating.
Oracle’s January 2023 CPU includes 50 security patches that resolve flaws in Fusion Middleware. Thirty-nine of the bugs can be exploited by a remote, unauthenticated attacker, and 14 are rated ‘critical’.
Many patches were also released for Communications Applications (39 patches, including 31 for remotely exploitable without authentication) and for MySQL (37 fixes, eight for unauthenticated, remotely exploitable flaws).
Other Oracle enterprise software that received numerous patches this month includes Financial Services Applications (16 patches – 12 remotely exploitable, unauthenticated issues), E-Business Suite (12 – 10), PeopleSoft (12 – 10), Database Server (9 – 1), Supply Chain (8 – 5), Utilities Applications (7 – 7), Construction and Engineering (7 – 4), Food and Beverage Applications (7 – 2), Support Tools (6 – 6), and Virtualization (6 – 1).
Oracle’s January 2023 CPU also includes security patches for Essbase, GoldenGate, TimesTen In-Memory Database, Commerce, Enterprise Manager, Health Sciences Applications, HealthCare Applications, Hospitality Applications, Hyperion, Insurance Applications, Java SE, JD Edwards, Retail Applications, Siebel CRM, and Systems.
The tech giant also announced that, while no new patches were rolled out for applications such as Big Data Graph, Global Lifecycle Management, Graph Server and Client, and Spatial Studio, updates were made available for them to address third-party issues. Oracle released third-party patches for other products as well.
As usual, Oracle encourages customers to apply the available patches as soon as possible, underlining that it has received reports of malicious attempts to exploit unpatched issues for which fixes are available.
Related: Oracle Releases 370 New Security Patches With October 2022 CPU
Related: Oracle Releases 349 New Security Patches With July 2022 CPU
Related: Oracle Releases 520 New Security Patches With April 2022 CPU
More from Ionut Arghire
- Australian Man Sentenced for Scam Related to Optus Hack
- Chrome 110 Patches 15 Vulnerabilities
- Tor Network Under DDoS Pressure for 7 Months
- Russian Admits in US Court to Laundering Money for Ryuk Ransomware Gang
- Patient Information Compromised in Data Breach at San Diego Healthcare Provider
- Software Supply Chain Security Firm Lineaje Raises $7 Million
- Vulnerability Provided Access to Toyota Supplier Management Network
- Linux Variant of Cl0p Ransomware Emerges
Latest News
- Skybox Security Raises $50M, Hires New CEO
- Spies, Hackers, Informants: How China Snoops on the US
- Australian Man Sentenced for Scam Related to Optus Hack
- Chrome 110 Patches 15 Vulnerabilities
- Application Security Protection for the Masses
- Tor Network Under DDoS Pressure for 7 Months
- Siemens License Manager Vulnerabilities Allow ICS Hacking
- UN Experts: North Korean Hackers Stole Record Virtual Assets
