Oracle Patch Tuesday heads-up: 81 database security holes

Oracle will join Microsoft on next week's Patch Tuesday freight train and it will be another mega-release.

The database server giant says in a pre-release announcement that it will patch a whopping 81 vulnerabilities, some serious enough to be remotely exploitable without authentication (over a network without the need for a username and password).

The company said that 31 out of 81 vulnerabilities are in the Oracle Sun Products Suite.

Here's a glimpse of the affected products and the severity risk:

Oracle Database:

This Critical Patch Update contains 7 new security fixes for the Oracle Database Server.  1 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.  None of these fixes are applicable to client-only installations, i.e., installations that do not have the Oracle Database Server installed.

Oracle Fusion Middleware Executive Summary

This Critical Patch Update contains 8 new security fixes for Oracle Fusion Middleware.  6 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

[ MS planning Patch Tuesday whopper: 16 bulletins, 49 vulnerabilities ]

Oracle Applications:

This Critical Patch Update contains 33 new Security fixes for the Oracle Applications divided as follows:

• 6 new security fixes for the Oracle E-Business Suite.  5 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. The highest CVSS Base Score of vulnerabilities affecting E-Business Suite products is 5.8.
• 2 new security fixes for the Oracle Supply Chain Products Suite.  1 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. The highest CVSS Base Score of vulnerabilities affecting Supply Chain Products Suite products is 5.0
• 21 new security fixes for the Oracle PeopleSoft and JDEdwards Suite.  1 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. The highest CVSS Base Score of vulnerabilities affecting PeopleSoft and JDEdwards Suite products is 5.5.
• 4 new security fixes for the Oracle Siebel Suite.  None of these vulnerabilities may be remotely exploitable without authentication, i.e., none may be exploited over a network without the need for a username and password.  The highest CVSS Base Score of vulnerabilities affecting Siebel Suite products is 6.0.

Oracle Primavera Products Suite:

This Critical Patch Update contains 1 new security fix for the Oracle Primavera Products Suite.  This vulnerability is not remotely exploitable without authentication, i.e., may not be exploited over a network without the need for a username and password.

Oracle Solaris Products Suite

This Critical Patch Update contains 31 new Security fixes for the Oracle Sun Products Suite divided as follows:

• 26 new security fixes for the Oracle Sun Products Suite.  11 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. The highest CVSS Base Score of vulnerabilities affecting Oracle Solaris Products Suite is 10.0.
• 5 new security fixes for the Oracle Open Office Suite.  All of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. The highest CVSS Base Score of vulnerabilities affecting Oracle Open Office Products Suite is 9.3.

This Oracle patch batch will be released on October 12, 2010.