Oracle has released a large set of security updates to multiple versions of 44 different products. The updates address a total of 113 vulnerabilities in over 100 versions of its products.
Among the major products patched are Oracle Database Server (five vulnerabilities), Oracle Fusion Middleware (29), Oracle Hyperion (seven), Oracle E-Business Suite (five), Oracle PeopleSoft (five), Oracle Siebel CRM (six), Oracle MySQL Executive (ten), Oracle Solaris (four) and, of course, Oracle Java (20). Many of the vulnerabilities are severe and can result in remote compromise of the system. Many affect multiple products.
Oracle recommends that customers apply all the updates as soon as possible.
The largest set of vulnerability fixes is for Oracle Fusion Middleware. Of the 29 vulnerabilities fixed, 27 may be remotely exploitable without authentication, i.e. they may be exploited over a network without the need for a username and password.
Other products with large numbers of anonymous remote vulnerabilities are Java (all 20), Oracle Siebel CRM (four) and Oracle Virtualization products, which consists of Oracle Secure Global Desktop (SGD), Sun Ray and Oracle VM VirtualBox (eight).
Comparatively few of the vulnerabilities have CVSS Base Scores (a measure of severity ranging from 0 to 10.0) above 7.5. Java has eight such vulnerabilities and Oracle Database just two.
The update is a regularly-scheduled quarterly update for Oracle. As we had already reported, Oracle has announced that there will be no more support for Java on Windows XP.