Oracle published the planning release of updates of its products (Critical Patch Update), aimed at eliminating critical problems and vulnerabilities. In the April update, it was eliminated 378 vulnerabilities.
Some problems:
- 5 safety problems in Java Se. All vulnerabilities in Java SE can be exploited remotely without authentication and affect the environment that allow the implementation of the code that does not deserve confidence. The most dangerous problems in Java SE have a danger level of 7.4-7.5 and affect Webkitgtk, Gstreamer, and JSSE. Vulnerabilities are eliminated in the issues java SE 24.0.1, 21.0.7.0.15, 11.0.27, and 8U442.
- 28 vulnerabilities in the MySQL server, of which 26 can be removed remotely if they are available for sending a request for sending a request to the DBMS. Six most serious problems have a danger level of 6.5 and are associated with vulnerabilities in the Innodb engine, Parser, and optimizer. Less dangerous vulnerabilities affect Innodb, Thread Pooling, DDL, optimizer, parser, and authentication system. Problems are fixed in the issues MySQL Community Server 9.3.0, 8.4.5, and 8.0.42.
- 3 vulnerabilities in Virtualbox, one of which is marked as dangerous (8.1 out of 10). Vulnerabilities that allow local users to increase their privileges are eliminated in updates to Virtualbox 7.1.8 and 7.0.26.
- 2 vulnerabilities in Solaris, which affect the file system (hazard level 7.2 out of 10) and PAM (PLUGGABLEABLEAR Authentication Module). Vulnerabilities are eliminated in the update
/Reports, release notes, official announcements.