Oracle releases Critical Patch Update Advisory – October 2018: fix 301 security bugs

On October 16, 2018, Oracle officially released the October 10 critical patch update announcement CPU (Critical Patch Update), security notices and third-party security bulletins and other announcements, fixed 301 different vulnerability levels. See the appendix table for the impact of each product and the availability of patches.

Vulnerability summary

product Number of vulnerabilities Unauthorized remote utilization Highest CVSS score
Oracle Database server 7 6 9.8
Oracle Communications Applications 14 9 9.8
Oracle Constructions and Engineering Suite 10 9 9.8
Oracle E-Business Suite 16 14 8.2
Oracle Enterprise Manager Products Suite 4 3 9.8
Oracle Financial Services Applications 2 2 8.1
Oracle Food and Beverage Applications 4 1 8.1
Oracle Fusion Middleware 65 56 9.8
Oracle Health Sciences Applications 1 1 6.1
Oracle Hospitality Applications 9 2 8.8
Oracle Hyperion 9 6 7.7
Oracle iLearning 1 1 8.2
Oracle Insurance Applications 5 5 9.8
Oracle Java SE 12 11 9.0
Oracle JD Edwards 6 6 9.8
Oracle MySQL 38 3 9.8
Oracle PeopleSoft Products 24 21 7.5
Oracle Retail Applications 31 21 9.8
Oracle Siebel CRM 3 2 9.8
Oracle Sun Systems Products 19 9 9.8
Oracle Supply Chain Products Suite 6 1 8.8
Oracle Support Tools 1 1 6.5
Oracle Virtualization 14 1 9.0

Critical patch update

A critical patch update is a collection of fixes for multiple security vulnerabilities. Critical patch updates are usually cumulative, but each time only describes the security fixes that have been added since the last critical patch update advisory. Therefore, essential update recommendations for previously released security patches should be reviewed for information on security fixes from earlier releases.

Solution

Given the threat posed by successful attacks, Oracle strongly recommends that customers download and install critical patch update fixes as soon as possible.