Oracle just published the pre-release announcement for the October 2009 Critical Patch Update (CPU). In total, 38 vulnerabilities will be fixed. This CPU will fix 16 new vulnerabilities in the database products: 6 of them are remotely exploitable without authentication, and 1 affects client-only installations.
The highest CVSS base score is 10.0 for Windows and 7.5 for other platforms (Oracle ANO and Core RDBMS). Sounds like a very interesting CPU…
The following components are affected.
- Advanced Queuing
- Application Express
- Authentication
- CORE RDBMS
- Data Mining
- Net Foundation Layer
- Network Authentication
- Oracle Spatial
- Oracle Text
- PL/SQL
- RDBMS Data Pump
- RDBMS Security
- Workspace Manager
Oracle will also fix 3 bugs in the Oracle Application Server, 8 in Oracle E-Business Suite, 4 in JD Edwards and PeopleSoft, 6 in BEA and 1 in Oracle Industry Application (a product I have never heard of before).