Oracle Patch Update July 2015 (Database Server)

Today Oracle have released their latest critical patch update for Database Server. This Oracle Critical Patch Update includes ten new security fixes for Oracle Database impacting the below versions:

• Oracle Database Server 11.1.0.7
• Oracle Database Server 11.2.0.3
• Oracle Database Server 11.2.0.4
• Oracle Database Server 12.1.0.1
• Oracle Database Server 12.1.0.2

 

Importantly two of these vulnerabilities may be exploitable remotely without authentication, this means that they may be exploited over a network without the need for u/name & password credentials. Specifically CVE-2015-4755 which impacts RDBMS security relating to the 12.1.0.2 release.  Other vulernabilities include those related to Oracle OLAP, Core RDBMS, Partioning, & the RDBMS Scheduler.

The official Oracle Patch Update July 2015 can be found here.

Other Notes:

Although not related to this critical patch update, please remember that Error Correction Support for Oracle Database 11.2.0.3 will end shortly on August 27,2015.