Patch Day double-whammy: Oracle plugs 33 database holes

For businesses, today is a Patch Tuesday double-whammy.Just hours after Microsoft shipped six bulletins to cover multiple flaws in Windows and Internet Explorer, Oracle is getting set to release its quarterly batch of Critical Patch Updates with fixes for at least 33 security vulnerabilities.

For businesses, today is a Patch Tuesday double-whammy.

Just hours after Microsoft shipped six bulletins to cover multiple flaws in Windows and Internet Explorer, Oracle is getting set to release its quarterly batch of Critical Patch Updates with fixes for at least 33 security vulnerabilities.

According to Oracle:

This Critical Patch Update contains 33 security vulnerability fixes across hundreds of Oracle products.  Some of the vulnerabilities addressed in this Critical Patch Update affect multiple products.  Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible.

Vulnerabilities fixed by Critical Patch Updates are scored using the standard CVSS 2.0 scoring (see Oracle's Use of CVSS Scoring). The highest CVSS 2.0 base score for vulnerabilities in this Critical Patch Update is 10.0 for vulnerabilities affecting Oracle JRockit and Oracle Secure Backup.

Here's the patch count for each affected product line:

  • 10 for the Oracle Database Server
  • 2 for Oracle Secure Backup
  • 2 for the Oracle Application Server
  • 5 for Oracle Applications
  • 2 for Oracle Enterprise Manager
  • 3 for the Oracle PeopleSoft and JDEdwards Suite
  • 1 for the Oracle Siebel Suite
  • 5 for the Oracle BEA Products Suite