Oracle has released its Critical Patch Update (CPU) for April 2023, This CPU contains fixes for 231 CVEs in 433 security updates across 33 Oracle product families, including more than 70 that fix critical vulnerabilities in Oracle code and in third-party components included in Oracle products including but not limited to: Oracle Database Server,MYSQL Server and Oracle JDeveloper.

Security Risks

Malicious actors could exploit these vulnerabilities to gain unauthorized access, steal sensitive information, execute malicious code, escalate privileges, or cause denial of service.

For the full list of security updates released by Oracle, please refer to Critical Patch Updates.

Recommended Actions

The National Cyber Security Authority (NCSA) recommends users and system administrators to:

1. Upgrade, as soon as possible, to the latest supported version of installed software in order to continue receiving technical support and security patches.

2. Before updating or patching, please ensure that you have the latest backup that can easily be restored.

For further information and support, please contact the National Cyber Security Authority (NCSA) by emailto rwcsirt@ncsa.gov.rw or call us on 9009.

References

Oracle security updates

Oracle Critical Patch Updates Advisory