Thought Patch Tuesday was a load? You gotta check out this Oracle mega-advisory, then

Oracle has released a wide-ranging security update to address more than 300 CVE-listed vulnerabilities in its various enterprise products. The October release covers the gamut of Oracle's offerings, including its flagship Database, E-Business Suite, and Fusion Middleware packages. For Database, the update addresses a total of …

  1. Anonymous Coward

    Just woke up

    This must be a nightmare, right?

    1. A.P. Veening Silver badge

      Re: Just woke up

      No nightmare, business as usual with Oracle stuff.

    2. Claptrap314 Silver badge

      Re: Just woke up

      You mean the one where you are using Oracle products?

  2. Anonymous Coward

    "Solaris and Linux machines with lower user privileges will be considered to be at a lower risk than Windows machines that *typically* operate with admin privileges"

    This makes me sad, but it's also probably true.

    1. sitta_europea Silver badge

      "I'm a director of the company so I insist on using the Administrator account!"

      For everything. This is a genuine quote from a director of a genuine customer company.

      The company went bust, a year ago this month. Obviously I hadn't let the account get in too deep, but it still cost me money.

    2. Anonymous Coward

      "This makes me sad, but it's also probably true."

      It's not true for many Microsoft network-accessible services and other well-written software. Limited-rights Network Service accounts have been a thing for many years.

  3. Alan J. Wylie

    libssh and libssh2

    There are two similarly named projects:

    libssh: the one with the vulnerability, and libssh2, which so far doesn't seem to be affected.

    Red Hat / CentOS, at least, use libssh2.

    Note also that it only affects servers, not clients. SFTP servers seem to be the most likely to be vulnerable and exposed.
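The naming pitfall the comment above points out bites in practice: a quick `grep libssh` over a package inventory also matches every libssh2 package, so a host that only has libssh2 can look affected and a host that has both can be misread. The following is an added example, not code from the article or from either project, showing a check that separates the two projects by exact package-name prefix. The package list is a constructed sample in the shape of `rpm -qa` output; on a real host you would pipe the actual inventory in instead.

```shell
#!/bin/sh
# Added example: separate libssh (the affected project) from libssh2 (which
# only shares a name prefix) in a package inventory.
# SAMPLE_PACKAGES is constructed sample data in `rpm -qa` shape, not output
# from any real host.
SAMPLE_PACKAGES='libssh2-1.8.0-8.el7.x86_64
libssh-0.7.1-7.el7.x86_64
libssh-devel-0.7.1-7.el7.x86_64
libssh2-devel-1.8.0-8.el7.x86_64
openssh-server-7.4p1-16.el7.x86_64'

# Packages belonging to the libssh project: the name is exactly "libssh"
# followed by a dash (or nothing). "libssh2-..." does not match because the
# character after "libssh" is "2", not "-".
affected_packages() {
    printf '%s\n' "$1" | grep -E '^libssh(-|$)' || true
}

# Packages belonging to libssh2, which a naive `grep libssh` would also list.
libssh2_packages() {
    printf '%s\n' "$1" | grep -E '^libssh2(-|$)' || true
}

# Exit status 0 if any libssh-project package is installed, 1 otherwise;
# usable directly in an `if` from a wider inventory script.
has_affected_libssh() {
    [ -n "$(affected_packages "$1")" ]
}

# Usage on the constructed sample: prints the two libssh packages only.
echo "libssh (affected project) packages:"
affected_packages "$SAMPLE_PACKAGES"
echo "libssh2 (separate project) packages:"
libssh2_packages "$SAMPLE_PACKAGES"
```

Because the comment notes that only servers are affected, the package check is a first pass: a host that has libssh installed still only matters if some server-side program (an SFTP or SSH server built on libssh, for instance) is actually linked against it and exposed, which is a separate inventory step.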

  4. Spazturtle Silver badge

    People always criticise the OpenBSD team for being slow and being run by 'arrogant autists', but you never see these kinds of issues in any of their projects like OpenSSH.

    1. Surreal
      "Never" isn't entirely accurate. I'll give you a pass for "very seldom".

  5. sitta_europea Silver badge

    OpenSSH has nothing to do with libssh and does not use it.

    That could have been clearer in the article.

  6. PowerBenny

    Begin again

    Hands up who hasn't yet applied the July updates? I have, but I burnt all my good will charging through the dev and test environments disrupting the business-value-delivering initiatives with my mundane "patching". Hey, I'm only keeping the core systems secure, trivial shit I know.

  7. amanfromMars 1 Silver badge

    Tick, Tick, Tick, Tick, Tick........ Tock*

    while the third, CVE-2018-7489, would require the user to have a Rapid Home Provisioning account to execute and is considered by far the least severe of the three.

    And whenever Rapid Home Provisioning Accounts are for Rapid ElectronICQ Progress?

    Would they be Vital for Life in Newly Established Services with Live Operational Virtual Environments ..... with Wacky Wild Western Desserts to Delight and Erotic Exotic Eastern Confections to Flavour with a Savouring and Servering.

    Heap Powerful Medicine, Kemo Sabe. Cataclysmically COSMIC isn't a MisUnderEstimation.

    * ..... or do you prefer a !BIGBOMBEBOOM ‽ Defunct and Obsolete Stock Firesales Crashing Systems and Markets ..... with Algo Processor Meltdowns/Crazy Trades :-)

    Servicing and Servering to Equity Markets in Realisation of Future Virtualised AIdVenturing.

    Are you invested and support enabled and enabling? Hi, Very Pleased to Meet and Feed and Seed with You Too.

    :-)And don't be fooled to believe there is a real problem catching up with renegade angels .... Sympathy for the Devil

    Forgiveness and Redemption are Divine and Define One Alongside a Very Few.

    1. Anonymous Coward

      Re: Tick, Tick, Tick, Tick, Tick........ Tock*

      or do you prefer a !BIGBOMBEBOOM ‽ Defunct and Obsolete Stock Firesales Crashing Systems and Markets ..... with Algo Processor Meltdowns/Crazy Trades :-)

      I am sure no one wants that amfM :-(

