Oracle has released 23 patches to address 57 vulnerabilities across hundreds of Oracle products on Oct 18, as part of Oracle’s Critical Patch Update (CPU). Of these, the software giant rates 21 patches as critical (remotely exploitable without authentication). Cumulatively, these vulnerabilities are known to affect hundreds of Oracle products.
The Oracle October CPU addresses bugs in Oracle’s Fusion Middleware, with eight patches for the product. This includes updates to Application Server, Business Intelligence Enterprise Edition, Identity Management and WebLogic (Portal and Server). Oracle Database Server versions 11g and 10g follow suit, with four patches to fix five vulnerabilities.
Apart from these, the remaining patches are distributed between Oracle’s E-Business Suite, Supply Chain, PeopleSoft, Siebel CRM, Health Sciences Application, and the Sun Product Suite. Vulnerabilities in Oracle Linux 5 and Oracle Sun Ray also received fixes.
Oracle has fixes for 10 bugs in Oracle Fusion Middleware; five of these rated as critical. Oracle’s patch to the Sun Products Suite fixes 22 vulnerabilities in the Oracle Sun Products Suite, which includes holes in the Solaris operating system and SPARC servers. Nine of these have been rated as critical.
Oracle’s e-Business Suite sees the plugging of five holes, with three being critical. Seven vulnerabilities in the PeopleSoft product line and one in Oracle Supply Chain have also got fixes. Three security vulnerabilities have been addressed in Siebel CRM, one of which carries a critical rating. Both flaws in Oracle’s Industry Applications have also been classified as critical.
The CPU also patches Oracle Linux 5, with one critical hole in Oracle Virtualization getting a patch. Patches for the Java product line have been released separately. The complete update advisory can be read here.