Oracle to patch 38 vulnerabilities
In its Critical Patch Update Pre-Release Announcement, Oracle has confirmed that on Tuesday, the 20th of October, it plans to release updates for 21 of its products to address 38 security vulnerabilities. Affected products include Oracle Database 9i Release 2, 10g, 10g Release 2, 11g, Oracle Application Server 10g and Oracle WebLogic Server.
Six of the security updates address vulnerabilities that allow remote access to Oracle Database without the need for a user name or password. Oracle BEA products, such as JRockit and WebLogic, are also affected by remote exploits that do not require authentication. According to Oracle, several of the vulnerabilities in this Critical Patch Update scored a 10, the highest possible score in the Common Vulnerability Scoring System (CVSS). Oracle strongly advises its customers to apply the fixes as soon as possible.
- Oracle Critical Patch Update Pre-Release Announcement - October 2009, security advisory from Oracle.