Over 170,000 people are part of the Sophos community on Facebook. Why not join us on Facebook to find out about the latest security threats.
Hi fellow Twitter user! Follow our team of security experts on Twitter for the latest news about internet security threats.
Already using Google+? Find us on Google+ for the latest security news.
Oracle's latest Patch Tuesday has come and gone, with the database-and-more behemoth putting out patches for 89 vulnerabilities.
Twelve products sets in the Oracle stable get from 1 to 21 patches each.
These squash a total of 45 RCEs, or Remote Code Execution vulnerabilities.
In Oracle's own words, which are actually well chosen and plainly put, RCEs are defined as:
vulnerabilities [that] may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.
The affected product suites are listed below. (Oracle and Sun Systems Products, by the way, means Solaris, if you remember that.)
Oracle Enterprise Manager Grid ControlOracle Supply Chain Products SuiteOracle and Sun Systems ProductsThe one Oracle product conspicuous by its absence from this list is Java.
That's because Java is still on its own once-in-four-months update schedule, and received its most recent Critical Patch Update (CPU) last month.
This should be the last time this that Java will have to march to the tune of its own drum.
October 2013 is Oracle's annual "patchinox", when patches for Java and the rest of Oracle's products coincide.
The company has said that from then on, all non-emergency Critical Patch Updates will take place quarterly, at the same time.
Follow @duckblog
