The January 2018 Oracle Critical Patch Update (CPU) fixes 237 new security vulnerabilities across hundreds of Oracle products, including the company’s widely used Oracle Database Server and Java SE.

The CPU includes:

• Fixes for the Java Virtual Machine and four other vulnerable components within the Oracle Database Server, the most severe of which carries a CVSS Base Score of 9.1 out of 10; three of the flaws may be exploited remotely without credentials.
• New security fixes for 21 vulnerabilities in multiple versions of Java SE, 18 of which are remotely exploitable without authentication. The most severe of the vulnerabilities in Java SE has a CVSS Base Score of 8.3. The CPU includes fixes for flaws in Java SE versions 6 though 9.
• Two deserialization vulnerabilities identified in the Java platform by Waratek are patched in the January 2018 CPU.
• The number of vulnerabilities patched in the Java platform have doubled since January 2016.

Read full news article on Help Net Security