Oracle plans comprehensive patch day - including Java
As it did in mid-July, Oracle has announced another comprehensive patch day to close a total of 81 security holes. Oracle says that the Critical Patch Update, planned for the 12th of October, will affect hundreds of Oracle products. Thirty one of the holes are said to be in products from the former Sun portfolio, which is now called the "Oracle Sun Product Suite".
Oracle advises users to install the patches as soon as they become available, as many of the security holes are rated critical. For instance, one of seven holes in the Oracle Database Server grants remote access to intruders without requiring user name or password authentication. Users of Fusion middleware and the E-Business Suite are facing the same risk. Due to similar security holes in various versions of the Java Development Kit (JDK) and the Java Runtime Environment (JRE), Oracle has also announced patches for 29 critical holes in Java SE and in Java for Business.
- Oracle Critical Patch Update Pre-Release Announcement - October 2010, security advisory from Oracle.