Oracle’s April Critical Patch Update Fixes 88 Vulnerabilities

Yesterday, Oracle released their quarterly Critical Patch Update (CPU) for April 2012. Oracle CPUs are collections of security updates, which fix security flaws in the wide-range of products Oracle offers. According to their April advisory, this quarter’s CPU fixes 88 vulnerabilities in many of their products, including

  • Oracle Database
  • Oracle Application Server
  • Oracle Identity Manager
  • Oracle JDeveloper
  • Oracle PeopleSoft
  • Oracle MySQL Server
  • and many other products.

For a complete list of the affected Oracle products, see the “Affected Products and Components” section of their advisory.

Oracle’s advisory doesn’t describe every flaw in technical detail. However, they do describe their scopes and general impact, as well as assign each of them CVSS severity scores. The 88 vulnerabilities differ greatly in their scope and impact, but the worst of them pose a pretty critical risk. For instance, unauthenticated, remote attackers can exploit a few of the Oracle Database vulnerabilities to gain unauthorized access to your database server. The update also includes a critical fix for JRocket with the highest CVSS score of 10.

If you manage any of the Oracle products listed in their April CPU advisory, I recommend you visit the Patch Availably section of their alert, and download, test and deploy the appropriate updates as soon as you can. — Corey Nachreiner, CISSP (@SecAdept).

About Corey Nachreiner

Corey Nachreiner has been with WatchGuard since 1999 and has since written more than a thousand concise security alerts and easily-understood educational articles for WatchGuard users. His security training videos have generated hundreds of letters of praise from thankful customers and accumulated more than 100,000 views on YouTube and Google Video. A Certified Information Systems Security Professional (CISSP), Corey speaks internationally and is often quoted by other online sources, including C|NET, eWeek, and Slashdot. Corey enjoys "modding" any technical gizmo he can get his hands on, and considers himself a hacker in the old sense of the word.

6 Responses to “Oracle’s April Critical Patch Update Fixes 88 Vulnerabilities”

  1. Oracle Technology Network provides services and resources to help developers.

  2. Hi there I am so thrilled I found your website, I really found you
    by accident, while I was browsing on Google for something else, Regardless I am here now and would just like
    to say cheers for a tremendous post and a all round interesting blog (I also love the theme/design), I don’t have time
    to read it all at the moment but I have bookmarked it and also added in your RSS feeds, so when I have time I will be back to read much more,
    Please do keep up the fantastic work.

  3. Justine L. Braver Reply October 5, 2014 at 8:56 pm

    You can certainly see your expertise within the article you write.

    The world hopes for more passionate writers like you
    who are not afraid to mention how they believe. Always go after
    your heart.


  1. Oracle’s April Critical Patch Update Fixes 88 Vulnerabilities | Mark A. Ashford Consulting Inc. - April 19, 2012

    […] at Manage Subscriptions. > > Trouble clicking? Copy and paste this URL into your browser: >… > Thanks for flying with > > Share this:ShareFacebookStumbleUponRedditDiggPrintEmail […]

  2. WatchGuard Security Week in Review: Episode 14 | WatchGuard Security Center - April 19, 2012

    […] Oracle April 2012 CPU – WatchGuard Security Center […]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: