14 DAY TRIAL // Oracle is preparing to release a monster security update next Tuesday in order to patch tens of vulnerabilities affecting hundreds of its products.
"This Critical Patch Update contains 78 new security vulnerability fixes across hundreds of Oracle products. Some of the vulnerabilities addressed in this Critical Patch Update affect multiple products," the company says.
Vulnerabilities located in Oracle JRockit of Oracle Fusion Middleware, Oracle Secure Backup and SPARC T3 Series, SPARC Netra T3 Series of Oracle Sun Products Suite bear the maximum score on the CVSS scale.
Thirteen vulnerabilities will be patched in the Oracle Database Server, the most severe of which has a CVSS base score of 7.1. Two of the flaws can be exploited remotely.
Three holes will be addressed in Oracle Secure Backup. All of them can be exploited over the network without authentication and their highest score is 10.
Meanwhile, the Oracle Fusion Middleware family of products will receive seven vulnerability fixes, some of which will address remote code execution flaws.
Another large batch of patches will target eighteen vulnerabilities in Oracle Enterprise Manager Grid Control. Nine of them are remotely exploitable, but the highest CVSS score is 6.8.
The Oracle Supply Chain Products Suite and Oracle E-Business Suite will each receive one security fix for flaws with scores of 4 and 4.3 respectively. Twelve vulnerabilities will be addressed in the Oracle PeopleSoft family of products. Only one of them can be exploited remotely.
However, the largest number of vulnerabilities, 23, will be fixed in products inherited by Oracle from Sun, including Solaris and VirtualBox. "Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible," the company writes.