Oracle issued more than 200
security patches across a wide swath of its product line with Fusion
Middleware, Java SE and MySQL receiving the majority of the fixes.
Overall 218 fixes were issued in the October update. This is the
fourth security update issued by Oracle in 2019 with the next scheduled for
January 2020.
The most critical of the 37 issues patched in Fusion Middleware CVE-2019-2904,
CVE-2016-1000031 and CVE-2019-2905 which can be found in the sub-products Oracle
JDeveloper and ADF, Oracle Virtual Directory and Oracle Business Intelligence
Enterprise Edition. If exploited all can lead to remote code execution.
Java SE received 20 patches, although most were only rated as
moderate issues. The top three of these were CVE-2019-2949, CVE-2019-2989 and CVE-2019-2958.
All can be found in Java SE and Java SE Embedded and can lead to remote code execution.
MySQL had 34 patches applied with most carrying a base rating below 8.0, except for CVE-2019-8457 which was listed at 9.8. This vulnerability is found specifically in MySQL Workbench and like the others can result in remote code execution if left unpatched.
Oracle’s last security update occurred in July 2019.
Gloss