Oracle to release patches for 73 vulnerabilities in major update

Announces bug-fixes for vulnerabilities across its product range; includes PeopleSoft, JD Edwards, Sun lineup.

Oracle plans to release 73 security fixes next week, addressing vulnerabilities across hundreds of products. The plan was disclosed in a pre-release announcement for Oracle’s critical patch update (CPU) scheduled for April 2011.

The company will release fixes for six vulnerabilities in its star database line-up. Two of these critical vulnerabilities may be exploited over a network without authentication — without usernames and passwords. The CPU contains nine fixes for Oracle’s Fusion Middleware, of which six may be exploited remotely. These fixes are not applicable to client-only installations.

Oracle’s latest bug fixes include 14 updates to the PeopleSoft Suite. Eight fixes for the Oracle JD Edwards Suite are also part of the schedule, seven of which are remotely exploitable without authentication. The Sun product line will get Open Office Suite updates, as well as 18 bug fixes to the Sun Products Suite.

The vulnerabilities to be fixed by the CPU were scored using standard CVSS 2.0 scoring. The highest CVSS score for vulnerabilities in this CPU was 10, for three Oracle products: JRockit of Oracle Fusion Middleware, Sun GlassFish Enterprise Server, and Sun Java System Application Server.

Oracle’s updates follow hot on the heels of Microsoft’s record Patch Tuesday, as well as Apple’s major updates (Mac OS X, Safari and others) on Thursday. Oracle notes that several of these vulnerabilities affect multiple products, and recommends that users apply this CPU as soon as possible.
