Oracle released a large number of security updates, involving Java, etc.

Oracle has just released a large number of Security Updates involving 104 security vulnerabilities in multiple products.

Among them, 37 vulnerabilities are about Java SE. Oracle's announcement shows that 35 vulnerabilities can be exploited remotely without authentication. Among the four bugs, the CVSS base score reaches 10, which is the most dangerous level of a bug.

29 of the 37 vulnerabilities only affect client publishing, and 6 affect Java SE on the client and server. Eric Maurice, an Oracle Security Department expert, posted a blog saying that the vulnerabilities in Oracle affected javadoc and unpack200 tools. For desktop users, including home users, you can use Java to automatically update or access java.com to obtain the latest Java version. Java SE security patches are accumulated through the Critical Path Update program.

He added: Oracle strongly recommends that Java users, especially home users, use the latest Java version and remove the old version.

In addition to Java, this security update also includes Fusion middleware and MySQL databases.

Fusion middleware vulnerabilities can be exploited through HTTP, and 13 of them can be remotely exploited without authentication.

MySQL has 14 security vulnerabilities, two of which can be exploited remotely without authentication.

This update also includes five Oracle virtualization patches and three Oracle and SUN system product kits: iLearning, Siebel CRM, and PerpleSoft. The 10 involved Oracle Supply Chain product kits, two involved Oracle databases, and three involved Oracle epoch.

Oracle strongly recommends that you use this Critical Patch Update (CPU) for updates immediately. The next CPU will be released in December July 15.