Set to release 24 security fixes.
IT administrators could be busy next Tuesday, after enterprise software giant Oracle announced a hefty monthly patch update, with 24 new security vulnerability fixes set to be released across hundreds of its products.
The news comes just days after Microsoft announced it would be starting the year with one of its smallest Patch Tuesday releases ever – just one patch to fix a critical vulnerability in Windows 2000.
Listed are ten fixes for vulnerabilities in the Oracle Database, two of which may be remotely exploited without authentication, and three fixes for the Oracle Application Server.
Also at risk are the Oracle Applications Suite, with three new security fixes, the PeopleSoft and JD Edwards Suite, Primavera Products Suite, and BEA Products Suite, which has five new fixes lined up.
The highest CVSS 2.0 base score for vulnerabilities in this Critical Patch Update is 10.0 for vulnerabilities affecting Listener for Oracle Database Server, Oracle Secure Backup and Oracle JRockit, said the firm.
“This Critical Patch Update contains 24 new security vulnerability fixes across hundreds of Oracle products. Some of the vulnerabilities addressed in this Critical Patch Update affect multiple products,” noted a pre-release announcement by Oracle.
"Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible.”