Oracle To Serve Up 41 Patches Next Tuesday
The fixes are part of the company's regularly scheduled Critical Patch Updates (CPU). Seventeen of the fixes are for the Oracle Database, including two for Oracle Application Express. Oracle notes on its website, "Two of these vulnerabilities may be remotely exploited without authentication, i.e. may be exploited over a network without the need for a username and password. None of these fixes are applicable to Oracle Database client-only installations, i.e. installations that do not have the Oracle Database installed."
Eleven of the security patches are for the Oracle E-Business Suite; seven of those vulnerabilities may be remotely exploitable without authentication. The upcoming CPU addresses three vulnerabilities in Oracle's Application Server, all of which may be remotely exploited over a network without the need for a username and password.
Oracle E-Business Suite products use Oracle Database and Oracle Application Server products, which have vulnerabilities fixed in this CPU.
The Critical Patch Update affects the following products:
- Oracle Database 11g, version 11.1.0.6
- Oracle Database 10g Release 2, versions 10.2.0.2, 10.2.0.3
- Oracle Database 10g, version 10.1.0.5
- Oracle Database 9i Release 2, versions 9.2.0.8, 9.2.0.8DV
- Oracle Application Server 10g Release 3 (10.1.3), versions 10.1.3.1.0, 10.1.3.3.0
- Oracle Application Server 10g Release 2 (10.1.2), versions 10.1.2.0.2, 10.1.2.1.0, 10.1.2.2.0
- Oracle Application Server 10g (9.0.4), version 9.0.4.3
- Oracle Collaboration Suite 10g, version 10.1.2
- Oracle E-Business Suite Release 12, versions 12.0.0 - 12.0.4
- Oracle E-Business Suite Release 11i, versions 11.5.9 - 11.5.10 CU2
- Oracle PeopleSoft Enterprise PeopleTools versions 8.22.19, 8.48.16, 8.49.09
- Oracle PeopleSoft Enterprise HCM versions 8.8 SP1, 8.9, 9.0
- Oracle Siebel SimBuilder versions 7.8.2, 7.8.5
In other security-related news, the company outlined its vision for service-oriented security this week. Oracle said that decoupling hard-coded security features from enterprise applications will create reusable, standards-based security services and protocols which any application can use. In addition, through SOA, Oracle aims to help organizations simplify and centralize several critical security processes including authentication, authorization, user administration, role management, identity virtualization and governance, and entitlement management, as well as audit and control.