Oct 13, 2010 16:21 GMT

Oracle has released a major batch of security fixes to address a total of 85 vulnerabilities that affect software from twenty of its product families.

The Oracle Database Server was affected by seven vulnerabilities, one of which is remotely exploitable without authorization.

The affected Oracle Database versions are 11g Release 2, version 11.2.0.1; 11g Release 1, version 11.1.0.7; 10g Release 2, versions 10.2.0.3 and 10.2.0.4; and 10g Release 1, version 10.1.0.5.

Another eight vulnerabilities were identified and patched in Oracle Fusion Middleware. Six of them can be exploited over the network without a username and password. Oracle Fusion Middleware 11gR1, versions 11.1.1.1.0 and 11.1.1.2.0, are affected.

A remotely exploitable security issue has been fixed in the Oracle Enterprise Manager Grid Control. It carries a score of 7.5 on the Common Vulnerability Scoring Standard (CVSS) scale.

The Oracle E-Business Suite was affected by six vulnerabilities, five of which were remotely exploitable without authentication.

Two flaws were patched in the Oracle Supply Chain Products Suite and one can be targeted over the network. Meanwhile, the Oracle Siebel Suite registered four bug fixes.

The largest number of vulnerabilities in Oracle's applications, 21, was identified in the PeopleSoft and JD Edwards Suite. However, only one can be exploited remotely, and its CVSS score is 5.5.

A single vulnerability, which is not remotely exploitable, was found and fixed in the Oracle Primavera Products Suite. Primavera P6 Enterprise Project Portfolio Management, versions 6.21.3.0 and 7.0.1.0, are affected.

The Sun Products Suite, which includes Solaris and Java products, is the most affected one, with 26 vulnerabilities. Eleven are remotely exploitable and one, identified as CVE-2010-3509, carries the maximum CVSS base score of 10.0.

Five security issues that can be attacked over a network have also been identified and patched in the Open Office Suite (formerly StarOffice). All of them have a CVSS score of 9.3.

"Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU [Critical Patch Update] fixes as soon as possible," the company says in its advisory.