Oracle will join Microsoft on next week’s Patch Tuesday freight train and it will be another mega-release.
The database server giant says in a pre-release announcement that it will patch a whopping 81 vulnerabilities, some serious enough to be remotely exploitable without authentication (over a network without the need for a username and password).
The company said that 31 out of 81 vulnerabilities are in the Oracle Sun Products Suite.
Here’s a glimpse of the affected products and the severity risk:
This Critical Patch Update contains 7 new security fixes for the Oracle Database Server. 1 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. None of these fixes are applicable to client-only installations, i.e., installations that do not have the Oracle Database Server installed.
Oracle Fusion Middleware Executive Summary
This Critical Patch Update contains 8 new security fixes for Oracle Fusion Middleware. 6 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.
Oracle Applications:
This Critical Patch Update contains 33 new Security fixes for the Oracle Applications divided as follows:
- 6 new security fixes for the Oracle E-Business Suite. 5 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. The highest CVSS Base Score of vulnerabilities affecting E-Business Suite products is 5.8.
- 2 new security fixes for the Oracle Supply Chain Products Suite. 1 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. The highest CVSS Base Score of vulnerabilities affecting Supply Chain Products Suite products is 5.0.
- 21 new security fixes for the Oracle PeopleSoft and JDEdwards Suite. 1 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. The highest CVSS Base Score of vulnerabilities affecting PeopleSoft and JDEdwards Suite products is 5.5.
- 4 new security fixes for the Oracle Siebel Suite. None of these vulnerabilities may be remotely exploitable without authentication, i.e., none may be exploited over a network without the need for a username and password. The highest CVSS Base Score of vulnerabilities affecting Siebel Suite products is 6.0.
Oracle Primavera Products Suite:
This Critical Patch Update contains 1 new security fix for the Oracle Primavera Products Suite. This vulnerability is not remotely exploitable without authentication, i.e., may not be exploited over a network without the need for a username and password.
Oracle Solaris Products Suite
This Critical Patch Update contains 31 new Security fixes for the Oracle Sun Products Suite divided as follows:
- 26 new security fixes for the Oracle Sun Products Suite. 11 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. The highest CVSS Base Score of vulnerabilities affecting Oracle Solaris Products Suite is 10.0.
- 5 new security fixes for the Oracle Open Office Suite. All of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. The highest CVSS Base Score of vulnerabilities affecting Oracle Open Office Products Suite is 9.3.
This Oracle patch batch will be released on October 12, 2010.