Oracle Critical Patch Update
Description
Oracle released critical patch update to address vulnerabilities in Oracle code and in third-party components included in Oracle products. A remote attacker exploiting these vulnerabilities may perform unauthorized operations or unauthorized deletion or falsification of sensitive information. This critical patch update contains 342 new security patches across the affected products and versions listed below
-
Java SE JDK/JRE 16.0.1
-
Java SE JDK/JRE 11.0.11
-
Java SE JDK/JRE 8u291
-
Java SE JDK/JRE 7u301
-
Java SE Embedded 8u291
-
Oracle Database Server 19c
-
Oracle Database Server 12.2.0.1
-
Oracle Database Server 12.1.0.2
-
Oracle WebLogic Server 14.1.1.0.0
-
Oracle WebLogic Server 12.2.1.4.0
-
Oracle WebLogic Server 12.2.1.3.0
-
Oracle WebLogic Server 12.1.3.0.0
-
Oracle WebLogic Server 10.3.6.0.0
Security Risks
A remote attacker may cause the application to crash or execute arbitrary code by leveraging these vulnerabilities. On top of affected products listed above, there are many other versions and products affected by these vulnerabilities and there are cases where Java JRE is pre-installed on the PC or WebLogic is used in software products for servers. Please check if any of the affected products is included in the PCs or servers that you use.
Recommendations
The National Cyber Security Authority (NCSA) recommends all users of the affected products to apply the released security patches without delay and update to the latest versions appropriately in order to remain on activelysupported versions. As for Java SE, the following versions have been released:
-
Java SE JDK/JRE 16.0.2
-
Java SE JDK/JRE 11.0.12
-
Java SE JDK/JRE 8u301
-
Java SE JDK/JRE 7u311
-
Java SE Embedded 8u301
For further information and support, please contact the National Cyber Security Authority (NCSA) by email to rwcsirt@ncsa.gov.rw or call us on 9009
Reference
https://www.oracle.com/security-alerts/cpujul2021.html
Related Files
24 July 2021