Oracle patches 24 holes
After Microsoft and Adobe, Oracle has now followed suit with its own patch day release called Critical Patch Update (CPU). Updates released on this CPU for Oracle Database, Oracle Application Server, Oracle WebLogic Server, the Oracle E-Business Suite and other products patch 24 security vulnerabilities.
The vendor categorises one vulnerability in its database products, another in Oracle Secure Backup, and a third in JRockit (part of the BEA suite) as critical (CVSS 10.0) and strongly recommends that the updates be installed as soon as possible. The flaws allow attackers to compromise a system remotely without previous authentication.
- Oracle Critical Patch Update Advisory – January 2010, security advisory from Oracle.
- Oracle Releases Critical Patch Update for January 2010, security advisory from US-CERT.