Oracle Updates Java, MySQL, VirtualBox, Solaris for Security

22 January

Oracle has published the January 2025 Critical Patch Update, which addresses critical issues and vulnerabilities in its products. The update resolves 318 vulnerabilities.

Among the problems addressed are:

  • 2 security issues in Java SE, one of which can be exploited remotely without authentication. The most severe vulnerability in Java SE has a severity rating of 7.3 and affects the HotSpot installer. Another remotely exploitable vulnerability, with a severity rating of 4.8, affects the HotSpot virtual machine. These vulnerabilities are fixed in Java SE versions 23.0.2, 17.0.14, 11.0.26, and 8u441.

  • 7 vulnerabilities in the MySQL server, including 3 that can be exploited remotely. The two most critical vulnerabilities, each with a severity rating of 9.1, are related to the Kerberos and curl components. Less severe vulnerabilities affect InnoDB, Thread Pooling, DDL, the optimizer, the parser, and authentication systems. These issues are resolved in MySQL Community Server versions 9.2.0, 8.4.4, and 8.0.41.

  • 2 vulnerabilities in VirtualBox, one of which is marked as a significant threat with a rating of 7.3 out of 10. These vulnerabilities, which allow local users to escalate their privileges, are fixed in VirtualBox versions 7.1.6 and 7.0.24.

  • 1 vulnerability in Solaris affecting the file system, with a severity level of 6 out of 10. The vulnerability is addressed in an update to Solaris.
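
A version-triage check built from the fixed releases listed above, added here as an example that is not Oracle's or the original article's code. The function names and the sample version strings are constructed for illustration, and any release train the article does not name is reported as unlisted rather than guessed.

```python
import re

# Fixed releases exactly as listed in the article, keyed by release train.
FIXED = {
    "java": {(23,): (23, 0, 2), (17,): (17, 0, 14),
             (11,): (11, 0, 26), (8,): (8, 0, 441)},  # 8u441 -> (8, 0, 441)
    "mysql": {(9,): (9, 2, 0), (8, 4): (8, 4, 4), (8, 0): (8, 0, 41)},
    "virtualbox": {(7, 1): (7, 1, 6), (7, 0): (7, 0, 24)},
}

def parse_version(product, text):
    """Turn a reported version string into a (major, minor, patch) tuple."""
    text = text.strip()
    if product == "java":
        # Java 8 reports itself as 1.8.0_431 or 8u431; both mean update 431.
        legacy = re.match(r"(?:1\.)?8(?:\.0_|u)(\d+)", text, re.I)
        if legacy:
            return (8, 0, int(legacy.group(1)))
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    # Build suffixes (+8-LTS, -0ubuntu..., r167081) are ignored by the match.
    return tuple(int(part or 0) for part in m.groups())

def check(product, reported):
    """Return (verdict, fixed_release) for one installed version."""
    version = parse_version(product, reported)
    # Try the two-part train first so MySQL 8.4 and 8.0 stay separate,
    # then fall back to the major version (Java, MySQL 9.x).
    for width in (2, 1):
        fixed = FIXED[product].get(version[:width])
        if fixed:
            return ("patched" if version >= fixed else "outdated", fixed)
    # Train is not among the releases the article names; consult the advisory.
    return ("unlisted", None)

if __name__ == "__main__":
    # Constructed inventory; real input would come from `java -version`,
    # `mysqld --version` or `VBoxManage --version`.
    inventory = [("java", "1.8.0_431"), ("java", "17.0.14+8-LTS"),
                 ("mysql", "9.1.0"), ("mysql", "8.0.40-0ubuntu0.22.04.1"),
                 ("virtualbox", "7.0.24r167081"), ("java", "21.0.5")]
    for product, reported in inventory:
        print(product, reported, *check(product, reported))
```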
