The recently published “Oracle Critical Patch Update Advisory” lists a total of 419 security patches. Numerous security gaps have been closed across Orcal’s product portfolio, which in several cases were rated as “critical” with a CVSS score close to 10.
Not all gaps addressed in the advisory are “freshly published”. Rather, it is a quarterly summary that also addresses security issues in third-party components. Nevertheless, it is advisable for admins to compare their own update status with the advisory.
An overview of all products for which patches are available is at the beginning of the advisory. They are linked to the relevant vulnerability descriptions in the document and also refer to separate “Patch Availability” documents. Log-in to the Oracle customer account is required to access the latter.
Own advisories for Solaris, Oracle Linux & VM Server
As usual, Oracle has published separate security and update notes for the Solaris operating system, for Oracle Linux and for VM Server for x86 in parallel to its cross-product advisory. An overview page lists current and previous advisories and also names the dates for upcoming critical patch updates. The next one is expected on January 18, 2022.