51 patches in Oracle's queue
The list of security updates for Oracle's quarterly patch day tomorrow (Tuesday) runs to 51 items, some of them critical. In addition to Oracle Database (27), Application Server (11), E-Business Suite (8), Enterprise Manager Database Control (2) and Peoplesoft Enterprise (3) are affected.
Oracle has scored the vulnerabilities using the Common Vulnerability Scoring System (CVSS) 2.0, which assigns values from 1 to 10 to vulnerabilities. Despite the fact that some of the vulnerabilities can be exploited remotely without requiring authentication, the highest score assigned is just 6.8.
Oracle has of course left it open right to the last minute to decide which patches will actually be released, a latitude which the company made use of back in [ticker:uk_92811 July], when they withdrew one patch at the last minute.
(ju)