Yesterday Oracle released the CPU April 2010 Pre-Release. These patches will fix 47 security vulnerabilities. The database patch itself will contain 7 new security vulnerability fixes. None of these vulnerabilities are remotely exploitable without authentication.
The highest CVSS base score for the Oracle database is 7.5.
The following components are affected:
Change Data Capture
Core RDBMS
JavaVM
Oracle XDB
RDBMS Security
XML DB
Oracle will fix one of my findings in the April 2010 CPU.
At the DOAG Expertenseminar „Oracle Hardening & Patching / Auditing & Co.“ in Berlin (26.04.2010 – 27.04.2010) I will talk about this CPU as well. If you are interested, you can attend this 2-day seminar.