Oracle has released its Critical Patch Update (CPU) for April 2018 that addresses 254 vulnerabilities across multiple products.
A remote attacker could exploit a number of these vulnerabilities to take control of an affected system.
Oracle products affected include, but not limited to: Oracle Database Server, Oracle Fusion Middleware, Oracle E-Business Suite, Oracle PeopleSoft, Oracle Industry Applications (Construction, Financial Services, Hospitality, Retail, Utilities), Oracle Java SE and Oracle Systems Products Suite.
Approximately a third of the vulnerabilities in the Oracle update address third party products (such as Apache) also included in Oracle product distributions.
Oracle also reminded users that the the Spectre (CVE-2017-5753, CVE-2017-5715) and Meltdown (CVE-2017-5754) processor vulnerabilities were addressed in the January 2018 critical patch release.