Oracle has released the Critical Patch Update (CPU) for October 2024 to address multiple vulnerabilities in Oracle Java and Oracle Products. These patches specifically target vulnerabilities found in Java SE and various other Oracle products.

Affected Systems:

• Oracle Java SE

• Database

• Fusion Applications and Middleware

• Oracle MySQL Product Suite

• NoSQL Database

• Oracle and Sun Systems Products Suite

A complete list of the affected products can be found at https://www.oracle.com/security-alerts/cpuoct2024.html

Security Risks

The successful exploitation of these vulnerabilities poses a significant security risk, as remote attackers could potentially exploit them to gain control over the affected system.

Recommended Actions

The National Cyber Security Authority (NCSA) recommends users and system administrators to:

1. Upgrade, as soon as possible, to the latest supported version of installed software in order to continue receiving technical support and security patches.

• For Oracle Java SE products, please refer to the following link: https://www.oracle.com/java/technologies/javase-downloads.html

• For OpenJDK, please refer to the following link: https://jdk.java.net

2. Before updating or patching, please ensure that you have the latest backup that can easily be restored.

For further information and support, please contact the National Cyber Security Authority (NCSA) by emailto rwcsirt@ncsa.gov.rw or call us on 9009.

References

• Oracle Critical Patch Updates, Security Alerts and Bulletin