Oracle Patch Update January 2017 (Database Server)

Oracle have released their latest critical patch update for Database Server yesterday evening (17/1) and it’s a pretty small list of vulnerabilities in comparision with typical releases.

This Oracle Critical Patch Update includes 2 new security fixes for Oracle Database impacting the below supported versions:

• Oracle Database Server 11.2.0.4
• Oracle Database Server 12.1.0.2

CVE-2017-3310 for an OVJM vulnerability is by far the most important with a base score of 9.0 and neither vulnerability is exploitable remotely without authentication.

Please see the full Oracle advisory here http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixDB as there are also vulnerabilities noted with Secure Backup and Big Graph.