Oracle announces patches for 41 holes
Database vendor Oracle has announced patches for 41 security holes in a number of products for the Critical Patch Update (CPU) patch day scheduled for Tuesday. The updates affect the vast majority of the vendor's products:
- Oracle Database 11g (18.104.22.168); 10g Release 2 (10.2.0.2, 10.2.0.3); 10g (10.1.0.5); 9i Release 2 (22.214.171.124, 126.96.36.199DV)
- Oracle Application Server 10g Release 3 (10.1.3); 10g Release 2 (10.1.2); 10g (9.0.4)
- Oracle Collaboration Suite 10g (10.1.2)
- Oracle E-Business Suite Release 12 (12.0.0 - 12.0.4); Release 11i (11.5.9 - 11.5.10 CU2)
- Oracle PeopleSoft Enterprise PeopleTools (8.22.19, 8.48.16, 8.49.09)
- Oracle PeopleSoft Enterprise HCM (8.8 SP1, 8.9, 9.0)
- Oracle Siebel SimBuilder (7.8.2, 7.8.5)
No further details about the vulnerabilities have been released so far. But according to the patch day pre-release announcement, two of the holes in the Oracle database can be exploited remotely over a network without the need for prior authentication, as can all three vulnerabilities in the Application Server, seven of the holes in the E-Business suite and three in Siebel SimBuilder.
Administrators of Oracle products are advised to update at their earliest convenience once the patches are available.
- Oracle Critical Patch Update Pre-Release Announcement - April 2008, announcement by Oracle