Oracle Preps 66 Patches In Blockbuster Critical Patch Update
In a security advisory highlighting the quarterly critical patch update (CPU), Oracle warned: "Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible."
Among the bugs Oracle will patch, the company said 35 can be remotely exploited without authentication, meaning a username and password aren't needed. Oracle also ranked four of the vulnerabilities as a 10 on Oracle's Common Vulnerability Scoring System (CVSS) scale, the most severe vulnerability level. The specific products with the most severe vulnerabilities and exploitation possibilities include Oracle Audit Vault, JRockit, Solaris and WebLogic Server. Meanwhile, two vulnerabilities in Oracle Open Office ranked a 9.3 on the CVSS scale.
According to Oracle, the CPU contains seven security fixes for Oracle Database Server, five of which are for the Oracle Database Server, one for Oracle Secure Backup and one for Oracle Audit Vault. Among them, three may be "remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password."
Oracle's Sun Products Suite will receive 23 new security fixes, 21 for the product suite and two for the Oracle Open Office Suite.
Additionally, the CPU contains 16 new security fixes for Oracle Fusion Middleware, 12 of which may be remotely exploitable without authentication, Oracle said.
Other patches are intended for bugs in Oracle Enterprise Manager Grid Control, two patches; Oracle Applications (Oracle Supply Chain Products Suite, Oracle PeopleSoft and JD Edwards Suite), 16 security fixes; Oracle Industry Applications, two bug fixes; and Oracle Open Office Suite, two fixes.