October 2014 CPU Database JVM Vulnerabilities FAQ
(Doc ID 1940702.1)
Last updated on AUGUST 04, 2018
Applies to:Oracle Database - Enterprise Edition
Information in this document applies to any platform.
The October 2014 Critical Patch Update included fixes for high severity vulnerabilities in the Oracle databases. A number of these database vulnerabilities are related to features implemented using Java in the Database, and some of these vulnerabilities have received a CVSS Base Score of 9.0.
The purpose of this document is to answer some frequently-asked questions about these Java-related vulnerabilities and the fixes provided with this Critical Patch Update release.
For more information see:
(1) Official Oracle blog posted at https://blogs.oracle.com/security/entry/october_2014_critical_patch_update.
(2) October 2014 Critical Patch Update Advisory located at http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
For your convenience, the Database Risk Matrix of the October 2014 Critical Patch Update is reproduced at the end of this document. Please refer to the URL above for the most authoritative version of this risk matrix as it may be updated and these updates may not be reflected in the reproduction below.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document
|Questions and Answers|