Keep Your Oracle Products Up to Date: Vulnerabilities Patched in Java SE, MySQL, VirtualBox, Solaris, and More

Oracle has published its scheduled release of product updates (Critical Patch Update), aimed at eliminating critical problems and vulnerabilities. The April update fixes a total of 441 vulnerabilities.

Some of the issues:

  • 10 security problems in Java SE and 13 problems in GraalVM. 8 of the Java SE vulnerabilities can be exploited remotely without authentication and affect environments that allow the execution of untrusted code. The most dangerous issues in Java SE (a vulnerability in JavaFX/WebKitGTK) and GraalVM (a vulnerability in Node.js) have a severity level of 7.5 out of 10. The vulnerabilities are fixed in Java SE releases 22.0.1, 21.0.3 and 17.0.11.
  • 26 vulnerabilities in the MySQL server, all of which can be exploited remotely. The most serious problem has a severity level of 6.5 and is associated with a vulnerability in OpenSSL. Less dangerous vulnerabilities affect the optimizer, InnoDB, Thread Pooling, the Group Replication Plugin, the Audit Plugin, DML and mysqldump. The issues will be fixed in the MySQL Community Server 8.4.0 and 8.0.38 releases.
  • 13 vulnerabilities in VirtualBox, 7 of which are marked as dangerous (four problems have a severity level of 8.8 out of 10, and three have a severity level of 7.8 out of 10). Details about the vulnerabilities are not disclosed, but judging by the assigned severity levels, they allow access to the host environment from guest systems. Two vulnerabilities appear only on Linux hosts and two only on Windows hosts. One of the vulnerabilities allows a remote attack via HTTP without authentication, but the severity level for this problem is set at 5.9 out of 10 due to the complexity of exploitation. The vulnerabilities are fixed in the VirtualBox 7.0.16 update.
  • 3 vulnerabilities in Solaris that affect Solaris Zones technology and system utilities. The issues have been assigned severity levels of 8.2, 7.8 and 2.0. The vulnerabilities are fixed in the Solaris 11.4 SRU68 update. In addition to eliminating vulnerabilities, the new version also updates the packages Explorer 24.2, Node.js 18.19.1, BIND 9.18.24, libuv 1.48.0, sendmail 8.18.1, Unbound 1.19.1, Firefox 115.9.0esr, Thunderbird 115.9.0, library/nss, library/libtiff and kernel/arch-x86.
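
An added example, not from Oracle or the original article: a small Python check that compares version strings collected from hosts against the fixed releases listed above. The inventory entries are constructed sample data, and release lines the summary does not list (for example Java 8 or 11) are reported as unknown rather than guessed.

```python
import re

# Fixed releases exactly as listed in the summary above, keyed by release line.
FIXED = {
    "java": {(22,): (22, 0, 1), (21,): (21, 0, 3), (17,): (17, 0, 11)},
    "mysql": {(8, 4): (8, 4, 0), (8, 0): (8, 0, 38)},
    "virtualbox": {(7, 0): (7, 0, 16)},
}

def parse_version(text):
    """Extract the first dotted numeric version, ignoring build suffixes."""
    match = re.search(r"\d+(?:\.\d+)*", text)
    if not match:
        raise ValueError(f"no version number in {text!r}")
    parts = tuple(int(p) for p in match.group(0).split("."))
    return parts + (0,) * (3 - len(parts))  # pad "22" to (22, 0, 0)

def check(product, version_text):
    """Return 'patched', 'outdated', or 'unknown' (release line not listed)."""
    version = parse_version(version_text)
    for line, fixed in FIXED[product].items():
        if version[:len(line)] == line:
            return "patched" if version >= fixed else "outdated"
    return "unknown"

def audit(inventory):
    """Map each (host, product, version string) entry to its status."""
    return [(host, product, raw, check(product, raw))
            for host, product, raw in inventory]

# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = [
    ("app01", "java", "openjdk 21.0.2 2024-01-16 LTS"),
    ("app02", "java", "17.0.11+7-LTS"),
    ("app03", "java", "1.8.0_401"),
    ("db01", "mysql", "8.0.36-0ubuntu0.22.04.1"),
    ("lab01", "virtualbox", "7.0.16r162802"),
]

if __name__ == "__main__":
    for host, product, raw, status in audit(SAMPLE_INVENTORY):
        print(f"{host:6} {product:11} {raw:32} {status}")
```
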
