Update Java SE, MySQL, VirtualBox and other Oracle products with vulnerabilities

Oracle Posted Planned edition of your products updates (Critical Patch Update) aimed at eliminating critical problems and vulnerabilities. In April update in the amount eliminated 390 vulnerabilities .

Some problems:

  • 2 Safety problems in java se. All vulnerabilities can be operated remotely without authentication. Problems have a hazard level of 5.9 and 5.3, are present in libraries and manifest themselves only in environments that make not a credible code. Empty is eliminated in the releases of Java SE 16.0.1, 11.0.11 and 8U292 . Optional is noted Disable Default TLSV1.0 and TLSV1.1 protocols in OpenJDK.
  • 43 vulnerabilities in the MySQL server, of which 4 can be operated remotely (given vulnerabilities are assigned Hazard level 7.5). Remotely exploited vulnerabilities are manifested when assembling with OpenSSL or MIT Kerberos. 39 locally exploited vulnerabilities are caused by errors in the parser, InnoDB, DML, optimizer, replication system, the organization of stored procedures and a plugin for audit. Problems are eliminated in the releases of MySQL Community Server 8.0.24 and 5.7.34 .
  • 20 vulnerabilities in VirtualBox. The three most dangerous problems have a hazard level of 8.1, 8.2 and 8.4. One of these problems allows a remote attack through manipulation with the RDP protocol. Vulnerabilities are eliminated in updating VirtualBox 6.1.20 .
  • 2 vulnerabilities in Solaris. Maximum degree of danger 7.8 – locally operated vulnerability in CDE (Common Desktop Environment). The second problem has a level of danger 6.1 and manifests itself in the kernel. Problems are eliminated in updating Solaris 11.4 SRU32 .
/Media reports.