Posted by: Mark Fontecchio
Oracle issued a critical security patch update today, with 21 of the 59 patches being for the Sun Solaris operating system.
Some of the “vulnerability fixes,” as Oracle calls them, affect multiple products. Overall, the patches fix problems in 29 different Oracle products, including Oracle Database, WebLogic, E-Business Suite and PeopleSoft.
The update contains 13 patches for Oracle Database Server. Four of them, according to Oracle, “may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.”
There are also two vulnerabilities in the TimesTen In-Memory Database that can be exploited remotely without authentication, and three in Oracle Secure Backup. These are the most severe vulnerabilities, according to Oracle, garnering a Common Vulnerability Scoring System (CVSS) score of 10 in a range of 1-10.
Seven of the 21 vulnerabilities in the Solaris suite can be remotely exploitable without authentication.