Oracle to release 88 security updates on Tuesday
Ahead of its regular July Critical Patch Update on Tuesday, Oracle has announced that it will release 88 fixes for security holes across hundreds of Oracle products. Many of these vulnerabilities are remotely exploitable without authentication.
Oracle has not released many details on the vulnerabilities it will be patching. The highest CVSS (Common Vulnerability Scoring System) Base Score for vulnerabilities in this Critical Patch Update is 10.0 for a vulnerability in JRockit, the Java Virtual Machine, which is part of Oracle Fusion Middleware; other Fusion Middleware components affected are Enterprise Manager for Fusion Middleware, Oracle HTTP Server, MapViewer, Outside In Technology and Portal.
Products that will also receive updates include Oracle Database 10g and 11g, Oracle Siebel CRM, MySQL Server, Enterprise Manager Grid Control and Hyperion BI+. Solaris, Solaris Cluster, SPARC T-Series servers, Glassfish Enterprise Server and Oracle iPlanet Web Server will also be receiving fixes.
According to Oracle, customers should apply the updates as soon as they are released due to "the threat posed by a successful attack". The company will supply more information about the vulnerabilities and accompanying patches with the release on Tuesday.