Oracle closes security holes
With this quarters Critical Patch Update (CPU), Oracle has addressed ten security vulnerabilities in its database products. Three of the issues could be exploited over the network without a user name or password being required; the components affected by these problems are Network Authentication, Listener and Secure Enterprise Search. Other problems, which require some level of authentication, affect the Oracle Network Foundation, Advanced Replications, Config Management, Upgrade and Virtual Private Database.
The full list of fixed issues and affected products is available from the Oracle website. Oracle says that "Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply fixes as soon as possible."