+44 (0)115 933 8474 hello@n4stack.co.uk

Oracle Patch Update April 2016 (Database Server)

Oracle have released their latest critical patch update for Database Server yesterday (19/4). This Oracle Critical Patch Update includes five new security fixes for Oracle Database impacting the below supported versions:

  • Oracle Database Server 11.2.0.4
  • Oracle Database Server 12.1.0.1
  • Oracle Database Server 12.1.0.2

Importantly two of these vulnerabilities may be exploitable remotely without authentication, this means that they may be exploited over a network without the need for u/name & password credentials. These are CVE-2016-3454 and CVE-2016-0677 which relate to the Java VM and RDMBS Security (Kerberos) respectively.

Please see the full Oracle advisory here http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Share This