Oracle October 2009 Pre-Release

Oracle just published the pre-release of the Oracle October 2009 CPU. In total 38 vulnerabilities will be fixed. This CPU will fix 16 new vulnerabilities in the databases. 6 of them remotely exploitable without authentication, 1 affects client-only installations.

The hight CVSS base score is 10.0 for Windows and 7.5 for other platforms (Oracle ANO and Core RDBMS). Sounds like a very interesting CPU…

The following components are affected.

  • ¬†Advanced Queuing
  • Application Express
  • Authentication
  • CORE RDBMS
  • Data Mining
  • Net Foundation Layer
  • Network Authentication
  • Oracle Spatial
  • Oracle Text
  • PL/SQL
  • RDBMS Data Pump
  • RDBMS Security
  • Workspace Manager

Oracle will also fix 3 bugs in the Oracle Application Server, 8 in Oracle E-Business-Suite, 4 in JD-Edwards and Peoplesoft, 6 in BEA and 1 in Oracle Industry Application (a product I never heard before).

Comments are closed.