http://www.eweek.com/security/oracle-patches-301-vulnerabilities-in-october-update
By: Sean Michael Kerner
eWeek.com
October 18, 2018
Oracle's final Critical Patch Update (CPU) for 2018 is now available,
patching 301 vulnerabilities spread across Oracle's product portfolio.
Of the 301 vulnerabilities, 49 are rated with a CVSS (Common
Vulnerabilities Security Scoring) score of 9.0 or higher, with only a
single issue garnering the top severity rating of 10.0 The October CPU
became generally available on Oct.16 and includes patches for both
first-party and third-party components that Oracle develops and ships in
its products.
"As with previous Critical Patch Update releases, a significant proportion
of the patches is for third-party components (non-Oracle CVEs, including
open source components)," Eric Maurice, director of security assurance at
Oracle, wrote in a blog post.
While 331 flaws is a large number, it is actually fewer than the 334 that
Oracle patched in the last CPU that it released on July 18. Looking at the
most severe flaw across the 331, the single CVSS 10.0 was given to the
CVE-2018-2913 flaw in Oracle's GoldenGate software.
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
