Oracle Patch Update April 2017 (Database Server)
Oracle released its latest Critical Patch Update for Database Server yesterday evening (18/4). This Critical Patch Update includes 2 new security fixes for Oracle Database and a fix for a high-scoring vulnerability in Oracle Secure Backup. These updates are available for the supported versions below:
- Oracle Database Server 11.2.0.4
- Oracle Database Server 12.1.0.2
The Oracle Secure Backup/PHP nasty is exploitable remotely, without the need for authentication. The underlying flaw is in PHP: ext/session/session.c in certain versions of PHP does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to session deserialization.
For more information, please see the full Oracle update at http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixDB