Oracle on Tuesday announced the release of 370 patches as part of its quarterly set of security updates. The October 2022 Critical Patch Update (CPU) resolves over 50 critical-severity vulnerabilities.
More than 200 of the newly released security patches deal with vulnerabilities that are remotely exploitable without authentication.
Oracle Communications was the enterprise product to receive the largest number of new fixes, at 74. Of the resolved security defects, 64 can be exploited remotely without authentication and 19 were rated ‘critical severity’.
Fusion Middleware was the second most impacted application, with 56 new security patches, including 43 dealing with flaws that are remotely exploitable without authentication. Nine of the resolved issues are rated ‘critical’.
This month, MySQL received 37 new security patches (11 remotely exploitable, unauthenticated bugs), Retail Applications and Communications Applications each received 27 patches (21 remotely exploitable, unauthenticated issues each), and Financial Services Applications received 24 patches (16).
Oracle also released numerous patches for Siebel CRM (14 patches – 12 for vulnerabilities remotely exploitable without authentication), Supply Chain (13 – 9), JD Edwards (10 – 9), Virtualization (10 – 3), Java SE (9 – 9), PeopleSoft (8 – 4), Systems (8 – 4), and Database Server (8 – 1).
The Oracle CPU for October 2022 also brought patches for Communications Data Model, GoldenGate, Secure Backup, Commerce, Construction and Engineering, E-Business Suite, Enterprise Manager, HealthCare Applications, Hospitality Applications, Hyperion, Insurance Applications, and Utilities Applications.
Oracle products such as Airlines Data Model, Big Data Graph, NoSQL Database, SQL Developer, and TimesTen In-Memory Database received no new security patches, but the software giant rolled out third-party patches for them. Third-party patches were released for other products as well.
As usual, Oracle warns of malicious attempts to exploit unpatched vulnerabilities for which fixes are available, encouraging customers to install the available updates as soon as possible.
“In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay,” the company notes.