Oracle Patch Update October 2017 (Database Server)
Oracle have released their latest critical patch update for Database Server yesterday (18/10). This Oracle Critical Patch Update includes 6 new security fixes for Oracle Database. These updates are available for the below supported versions:
- Oracle Database Server 11.2.0.4
- Oracle Database Server 12.1.0.1
- Oracle Database Server 12.1.0.2
The two Apache (Tomcat & Groovy) vulnerabilities are remotely exploitable without authentication, the rest are all subject to local attack vectors. For more information please see the full Oracle update at http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixDB