TMCnet News
Waratek Issues Guidance on Oracle April 2018 CPUDUBLIN and ATLANTA, July 18, 2018 /PRNewswire/ -- Waratek, the compiler-based application security company, has issued guidance on Oracle's latest Critical Patch Update (CPU) for July 2018. The number of Java SE patches in the Q3 CPU dropped by 75 percent from a 30-month high set one year ago, despite the fact the overall number of Oracle software fixes total 334, the highest number of patches in eleven quarters. "On the surface, the downward trend of Java SE patches would appear to be positive," said Apostolos Giannakidis, Waratek's Security Architect. "However, several actions taken to fix Java SE vulnerabilities in the July CPU are likely to break the functionality of certain applications. Application owners who apply binary patches should be extremely cautious and thoroughly test their applications before putting patches into production." Application Functionality is at Risk The fix for the most critical Java SE vulnerability in the July CPU - CVE-2018-2938 - removes the vulnerable component (Java DB) from the JDK. Users that depend on this component must manually obtain the latest Apache Derby artifacts and rebuild their applications. Waratek Patch customers are unaffected by this JDK component removal and can obtain the virtual patch for CVE-2018-2938 from Waratek, eliminating the need to obtain the latest Apache Derby artifacts and rebuild their applications. Waratek virtual patches are applied in real-timewith no downtime or source code changes. In addition, the July CPU release changes the algorithms used in endpoint identification on LDAPs. Applications that use LDAP over TLS connections may stop functioning properly. If backwards combability issues arise, Oracle recommends to disable endpoint identification using a new system property. However, by disabling these security checks, attackers can potentially exploit this attack vector. Waratek Enterprise users are already protected against this deserialization attack vector while allowing reflective frameworks to work as expected. Other highlights from the release include:
For more information about how the July 2018 Oracle Critical Patch Update may impact your applications or how we can help patch and protect your applications with no downtime or source code changes, please contact Waratek. About Waratek Waratek is one of CSO Online's Best Security Software solutions of 2017, a winner of the RSA Innovation Sandbox Award, and more than a dozen other awards and recognitions. Waratek is based in Dublin, Ireland and Atlanta, Georgia. For more information visit https://www.waratek.com/ Media Contact:
View original content:http://www.prnewswire.com/news-releases/waratek-issues-guidance-on-oracle-april-2018-cpu-300682976.html SOURCE Waratek |