Oracle publishes 43 security updates
The software company Oracle has published 43 patches in it's April Critical Patch Update, closing several critical security vulnerabilities. Oracle advises that customers install the updates as soon as possible to reduce the risk of a successful attack.
Oracle Database Server received patches for 16 vulnerabilities, of which two could be remotely exploited without authentication. Both, however, only received a CVS-Score (Common Vulnerability Scoring System) of 5. The Oracle Application Server received 12 patches. Three of the patched vulnerabilities allowed access over a network without registration. The Oracle E-Business Suite and Applications updates fix three vulnerabilities.
A total of eight patches were provided for the BEA Product Suite, addressing vulnerabilities with CVS-Scores as high as 10 for JRockit and WebLogic Server. The patch for JRockit includes fixes for 14 problems alone in the Java Runtime Environment from Sun Microsystems, all essentially for bugs known since December.
- Oracle Critical Patch Update Advisory - April 2009, advisory from Oracle.