Oracle Critical Patch Update Advisory – April 2018

Haythem Elmir


A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:

Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.

This Critical Patch Update contains 254 new security fixes across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at April 2018 Critical Patch Update: Executive Summary and Analysis.

The January 2018 Critical Patch Update provided patches in response to the Spectre (CVE-2017-5753, CVE-2017-5715) and Meltdown (CVE-2017-5754) processor vulnerabilities. Please refer to this Advisory and the Addendum to the January 2018 Critical Patch Update Advisory for Spectre and Meltdown MOS note (Doc ID 2347948.1) for information on how to obtain these patches.

Affected Products and Patch Information

Security vulnerabilities addressed by this Critical Patch Update affect the products listed below. The product area is shown in the Patch Availability Document column.



To read the original article:

Laisser un commentaire

Next Post

XiaoBa Ransomware Retooled as Coinminer But Manages to Ruin Your Files Anyway

The authors of the XiaoBa ransomware have retooled their malware’s code into a cryptocurrency miner (coinminer). Unfortunately, despite not encrypting files anymore, the XiaoBa coinminer still destroys users’ data thanks to a series of bugs that primarily corrupt a user’s executable files. History of the XiaoBa ransomware The XiaoBa ransomware […]