Oracle has released another monster quarterly security update containing 136 fixes for flaws in a wide range of products including Oracle Database Server, E-Business Suite, Fusion Middleware, Oracle Sun Products, Java and MySQL.
The biggest change is Oracle’s adoption of the Common Vulnerability Scoring System (CVSS) version 3.0, which more accurately reflects the impact of flaws than CVSS 2.0. This Oracle Critical Patch Update (CPU) has both CVSS 3.0 and CVSS 2.0 scores for vulnerabilities, providing a chance to compare how the new rating system might affect Oracle patch prioritization inside organizations.