The January 2018 Critical Patch Update contains 13 new security fixes for the Oracle Sun Systems Products Suite that address 7 remotely exploitable issues.
Oracle's updates include the fix for the Spectre CVE-2017-5715 vulnerability affecting its Oracle X86 Servers and Oracle VM VirtualBox. The security updates for Oracle X86 Servers include Intel microcode that allows the issue to be mitigated at the OS and VM level.
“Application of firmware patches to pick up the Intel microcode is required only for Oracle x86 servers using non Oracle OS and Virtualization software. Oracle OS and Oracle VM patches for CVE-2017-5715 will include updated Intel microcode,” reads a note included in the advisory.
The advisory includes the full list of fixes along with the affected products. The product with the largest number of fixes is Financial Services Applications (34 patches, 13 of them remotely exploitable without authentication).
Fusion Middleware ranks second with 27 fixes (21 of them remotely exploitable without authentication).
MySQL is third with 25 fixes, 6 of which are remotely exploitable.
Let’s close with the most severe issue: the CVE-2018-2611 flaw, rated with a CVSS score of 10, affects the Sun ZFS Storage Appliance Kit (AK).
Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group. He is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years' experience in the field, and he is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for US.
Pierluigi is a member of "The Hacker News" team and a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and many other security magazines.
Author of the books "The Deep Dark Web" and "Digital Virtual Currency and Bitcoin".