Oracle releases Critical Patch Update Advisory – October 2018: fix 301 security bugs
On October 16, 2018, Oracle officially released the October 10 critical patch update announcement CPU (Critical Patch Update), security notices and third-party security bulletins and other announcements, fixed 301 different vulnerability levels. See the appendix table for the impact of each product and the availability of patches.
Vulnerability summary
| product | Number of vulnerabilities | Unauthorized remote utilization | Highest CVSS score |
| Oracle Database server | 7 | 6 | 9.8 |
| Oracle Communications Applications | 14 | 9 | 9.8 |
| Oracle Constructions and Engineering Suite | 10 | 9 | 9.8 |
| Oracle E-Business Suite | 16 | 14 | 8.2 |
| Oracle Enterprise Manager Products Suite | 4 | 3 | 9.8 |
| Oracle Financial Services Applications | 2 | 2 | 8.1 |
| Oracle Food and Beverage Applications | 4 | 1 | 8.1 |
| Oracle Fusion Middleware | 65 | 56 | 9.8 |
| Oracle Health Sciences Applications | 1 | 1 | 6.1 |
| Oracle Hospitality Applications | 9 | 2 | 8.8 |
| Oracle Hyperion | 9 | 6 | 7.7 |
| Oracle iLearning | 1 | 1 | 8.2 |
| Oracle Insurance Applications | 5 | 5 | 9.8 |
| Oracle Java SE | 12 | 11 | 9.0 |
| Oracle JD Edwards | 6 | 6 | 9.8 |
| Oracle MySQL | 38 | 3 | 9.8 |
| Oracle PeopleSoft Products | 24 | 21 | 7.5 |
| Oracle Retail Applications | 31 | 21 | 9.8 |
| Oracle Siebel CRM | 3 | 2 | 9.8 |
| Oracle Sun Systems Products | 19 | 9 | 9.8 |
| Oracle Supply Chain Products Suite | 6 | 1 | 8.8 |
| Oracle Support Tools | 1 | 1 | 6.5 |
| Oracle Virtualization | 14 | 1 | 9.0 |
Critical patch update
A critical patch update is a collection of fixes for multiple security vulnerabilities. Critical patch updates are usually cumulative, but each time only describes the security fixes that have been added since the last critical patch update advisory. Therefore, essential update recommendations for previously released security patches should be reviewed for information on security fixes from earlier releases.
Solution
Given the threat posed by successful attacks, Oracle strongly recommends that customers download and install critical patch update fixes as soon as possible.
