Oracle Issues 66 New Fixes

Next Tuesday, according to an announcement on its website, Oracle plans to release Critical Patch Update—a collection of patches for multiple security vulnerabilities.

 As per the post on this site, this Critical Patch Update contains 66 new security vulnerability fixes across hundreds of Oracle (News - Alert) products. Some of the vulnerabilities addressed in this Critical Patch Update affect multiple products.  Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible.

Key products affected include Oracle Database Server, Oracle Secure Backup,Oracle Audit Vault, Oracle Fusion Middleware, Oracle Enterprise Manager Grid Control, Oracle Applications, Oracle Supply Chain Products Suite, Oracle PeopleSoft and JDEdwards Suite, Oracle Industry Applications, Oracle Sun Products Suite, and Oracle Open Office Suite.

This Critical Patch Update contains:

• 6 new security fixes for the Oracle Database Server
• 1 new security fix for Oracle Secure Backup
• 1 new security fix for Oracle Audit Vault
• 16 new security fixes for Oracle Fusion Middleware
• 2 new security fixes for Oracle Enterprise Manager Grid Control
• 2 new security fixes for Oracle Applications
• 3 new security fixes for the Oracle Supply Chain Products Suite
• 10 new security fixes for the Oracle PeopleSoft and JDEdwards Suite
• 2 new security fixes for Oracle Industry Applications
• 21 new security fixes for the Oracle Sun Products Suite  
• 2 new security fixes for the Oracle Open Office Suite.

Vulnerabilities fixed by Critical Patch Updates are scored using the standard CVSS 2.0 scoring--see Oracle's use of CVSS scoring. The highest CVSS 2.0 base score for vulnerabilities in this Critical Patch Update is 10.0 for audit vault of Oracle Audit Vault, JRockit of Oracle Fusion Middleware, Solaris of Oracle Sun Products Suite and WebLogic Server of Oracle Fusion Middleware.