Preface: Oracle Linux is an optimized and secure operating environment for application development and deployment. Oracle Linux 9 with UEK R7 provides kernel, performance, and security enhancements.
On 16th May 2023 Oracle added second revise on their bulletin which held on April 2023. In NVD CVE publications advisories, CVE-2023-21930 also provided lasted update on 27th April 2023.
Does this update related to oracle DB environment stability ? This is the goal of this short discussion.
Background: What does Java SE do? It provides a foundation for building and deploying network-centric enterprise applications that range from the PC desktop computer to the workgroup server.
Vulnerability details: Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.
Impact of Java SE Security Vulnerabilities on Oracle Products:
- Oracle WebLogic Server – Version 10.3.2 and later
- Oracle Fusion Middleware – Version 10.1.2.0.0 to 10.1.4.3.0 [Release AS10gR2 to AS10gR3]
- Oracle Containers for J2EE – Version 10.1.2.0.0 to 10.1.3.5.0 [Release AS10gR2 to AS10gR3]
- Oracle Database – Enterprise Edition – Version 22.214.171.124 and later
Official announcement: For details, please refer to the link – https://www.oracle.com/security-alerts/linuxbulletinapr2023.html