Fixes for vulnerabilities in 48 different products

Oracle today rolled out a Critical Patch Update for the month of January 2015, which contains fixes for 167 vulnerabilities found in hundreds of the company's products. The most severe of these received a score of 10.0 on the Common Vulnerability Scoring System (CVSS), the highest score available -- they pertain to Fujitsu M10-1 of Oracle Sun Systems Products Suite, Java SE of Oracle Java SE, M10-4 of Oracle Sun Systems Products Suite, and M10-4S Servers of Oracle Sun Systems Products Suite.
"Some of the vulnerabilities addressed in this Critical Patch Update affect multiple products. Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible," Oracle stated in a pre-release announcement.
Of the 19 security fixes for Java SE, 14 of the vulnerabilities may be remotely exploitable without authentication, meaning they can be exploited over a network without the need for a username and password, Oracle said. And of the 29 security fixes for Sun Systems Products Suite, the same goes for 10 of them.
However, it was Fusion Middleware that received the most attention. Oracle included 35 new security fixes for Fusion Middleware, 28 of which may be remotely exploitable without authentication.
Image Credit: Flickr (D. Miller)
Follow Paul on Google+, Twitter, and Facebook


More...