Oracle to plug 113 security holes in July critical patch update

[Qtx]

Quote:

ORACLE EXPECTS to release a whopping 113 bug patches to fix a variety of vulnerabilities as part of its monthly security bulletin, the firm said in its Critical Patch Update Pre-Release Announcement for July.

Set to arrive on Tuesday 15 July, the update includes fixes for 20 vulnerabilities in Java SE, all of which can be exploited by an attacker remotely without the need for login credentials.

29 of the fixes are for Oracle's Fusion Middleware suite, with 27 able to be exploited over a network without the need for a username and password. Affected middleware components include BI Publisher, Glassfish Server, HTTP Server, Jdeveloper, Webcenter Portal and Weblogic Server.

Another 15 of the critical patch update fix Oracle's virtualisation software, eight of which are vulnerabilities that also can be remotely exploitable without authentication. Another 10 fixes patch Oracle MySQL

From TheInquirer

TL;DR - If you are a Java developer or use other Oracle software, check for patches tomorrow.

These Java type of holes can be exploited to install trojans or whatever simply by you visiting a website with your browser. Assuming from the info that Java JRE, which is the version home users tend to have, doesn't have the issue. But might be worth checking for updates anyway.

[qasdfdsaq]

I know some people running Glassfish server without a password anyway >_>