Spring cleaning: Oracle's patch day brings 73 security patches
Oracle has released 73 security patches on its April patch day, closing many holes in Solaris, eponymous database server, WebLogic application server, Fusion middleware and other products. Among the most critical of the holes closed, scoring 10.0 on the CVS scoring system, are one in Sun GlassFish Enterprise Server and Sun Java System Application Server and one in Oracle jRockit.
Among the other holes closed is an old friend: at the end 2009 a vulnerability in the SSL/TLS protocol (CVE-2009-3555) was reported, but it is not till now that Oracle has responded to the problem. The products affected by the fix are Oracle Fusion Middleware and Oracle Database's Oracle Security Service and Oracle WebLogic Server. Many of the vulnerabilities allow an attacker to inject malicious code over the network so Oracle recommends that system administrators install the patches as soon as possible. The advisory also lists vulnerabilities in OpenOffice that have already been fixed with the release of OpenOffice 3.3.0. The next Oracle Critical Patch Update and patch day will come on 19 July.
(djwm)