Oracle readies a patch monster

SECURITY STAFF dealing with Oracle software should prepare themselves for a busy Tuesday as the firm is releasing a patch that fixes 78 vulnerability issues.

The company's quarterly security update will include 23 fixes for Sun products and 13 for Oracle Database Server, and Oracle said that problems with hundreds of its products could be remedied.

"Some of the vulnerabilities addressed in this Critical Patch Update affect multiple products," said Oracle as it warned its customers about the patchfest.

"Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible."

The critical issues affect quite a long list of products, which we reproduce here: CMDB Metadata & Instance APIs, Content Management, Core RDBMS, Database Target Type Menus, Database Vault, EMCTL, Enterprise Config Management, Enterprise Manager Console, Event management, Instance Management, Oracle Universal Installer, Schema Management, Security Framework, Security Management, SQL Performance Advisories/UIs, Streams, AQ & Replication Mgmt, and XML Developer Kit.

The Oracle Sun Products Suite faces the largest number of fixes and nine of its vulnerabilities can be remotely exploited, "over a network without the need for a username and password", according to Oracle. µ