Oracle's next quarterly security update will fix 73 vulnerabilities across a range of its products, including some Oracle Sun products such as Solaris.
The upcoming Critical Patch Update (CPU) — due to arrive 19 April — includes six patches for Oracle's database server software, two of which are rated 'critical' and are remotely executable without authentication. The database fixes are not applicable to client-only installations, Oracle wrote in the security bulletin on Thursday.
The patch bundle includes nine Oracle Fusion Middleware fixes, 14 patches for the Oracle PeopleSoft software suite and eight for the JD Edwards suite. A number of these vulnerabilities are also remotely exploitable without authentication, Oracle said.
The update also contains patches for a number of Sun products, such as Solaris, and various Java server products, including the Sun Java System Web Server, Java System Application Server and Sun Java System Messaging Server. It will not include fixes for Java Standard Edition (SE) and Java for Business products.
In October 2010, security vendor F-Secure told ZDNet UK that it had seen thousands of Java exploits, some of which were capitalising on the fact that some Java installations did not remove old versions, leaving them intact and vulnerable.
The update will also patch eight vulnerabilities in Oracle OpenOffice, seven of which are remotely exploitable without the need for a username or password.
The update patch count is in keeping with previous security updates from the company. In January, it delivered fixes for 66 issues and prior to that, in October 2010, it issued patches for 85 vulnerabilities. Oracle releases patches for the majority of its software on a quarterly basis, except the Java virtual machine.
Due to the threat posed by a successful attack, Oracle advises all users of affected products to install the updates as soon as possible.