Oracle to patch 76 security vulnerabilities
Oracle has announced that it plans to close a total of 76 security vulnerabilities later today (18 October) as part of its Critical Patch Update. The company says that the patch day will affect "hundreds of Oracle products".
A total of 56 holes will be closed across Oracle Database, Fusion Middleware, Application Server, Business Intelligence Enterprise Edition, Identity Management, WebLogic Portal and Server, Outside In Technology, Enterprise Manager Grid Control, and the E-Business Suite. Other affected products include Agile Product Supplier Collaboration for Process, PeopleSoft Enterprise HRMS and PeopleTools, Siebel CRM, Clinical, Thesaurus Management System, the Sun Product Suite, Oracle Linux 5 and Sun Ray.
A further 20 vulnerabilities will be addressed in Java SE, six of which are applicable to JRockit. Oracle says that 19 of these issues can be exploited remotely without authentication. Some of the Java holes have a CVSS (Common Vulnerability Scoring System) score of 10.0, the highest possible level of severity.
In its pre-release announcement, the company says that users are advised to install the patches as soon as they become available because of "the threat posed by a successful attack". Executive Summaries of the vulnerabilities can be found in the security advisories.
- Oracle Critical Patch Update Pre-Release Announcement - October 2011, security advisory from Oracle.
- Oracle Java SE Critical Patch Update Pre-Release Announcement - October 2011, security advisory from Oracle.