Not to be outdone, Oracle is wading into the patch scene with their own release this coming July 17th. They are tentatively scheduling the release of 46 patches. I wonder if David Litchfield will have some new Oracle fun for us at Black Hat this year.
Oracle Database Executive Summary
This Critical Patch Update contains 20 new security fixes for the Oracle Database including 1 new security fix for Application Express. 2 of these vulnerabilities may be remotely exploitable without authentication, i.e. they may be exploited over a network without the need for a username and password. None of these fixes are applicable to Oracle Database client-only installations, i.e. installations that do not have the Oracle Database installed.
The highest CVSS base score of vulnerabilities affecting Oracle Database products is 4.2.
The Oracle Database components affected by vulnerabilities that are fixed in this Critical Patch Update are:
* Advanced Queuing
* Application Express
* DataGuard
* JavaVM
* Oracle Data Mining
* Oracle Internet Directory
* Oracle Text
* PL/SQL
* Program Interface
* Rules Manager
* Spatial
* SQL Compiler
Oracle Application Server Executive Summary
This Critical Patch Update contains 4 new security fixes for Oracle Application Server. 3 of these vulnerabilities may be remotely exploitable without authentication, i.e. they may be exploited over a network without the need for a username and password. 2 new fixes are applicable to client-only installations, i.e. installations that do not have Oracle Application Server installed.
Oracle Application Server products that are bundled with the Oracle Database are affected by Oracle Database vulnerabilities fixed in this CPU.
The highest CVSS base score of vulnerabilities affecting Oracle Application Server products is 2.3.
The Oracle Application Server components affected by vulnerabilities that are fixed in this Critical Patch Update are:
* Oracle Internet Directory
* Oracle JDeveloper
* Oracle Single Sign On
For the full announcement from Oracle read on.
Your ‘Article Link’ points to the 2007 patch release. It is an interesting contrast that the 2007 version actually contained some meaningful information, unlike its 2008 cousin, located here: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2008.html
@Adrian
Yup that was the 2007 release. Thanks for the link. I thought they weren’t posting until later today.