Posted by: Mark Fontecchio
Oracle issued its quarterly security patch yesterday afternoon. There are 77 total security patches, with the most vulnerable being for Java Runtime Environments (JREs).
The Java Critical Patch Update includes 20 fixes, 19 of which could be “remotely exploitable without authentication,” meaning they could be exploited over a network without a username and password. Six of them have the highest risk rating possible. Oracle suggests fixing all the vulnerabilities as soon as possible.
Over on the database and applications side, the Oracle Critical Patch Update includes 57 fixes on products such as Oracle Database (11g and 10g), Fusion Middleware, Oracle Business Intelligence Enterprise Edition, E-Business Suite, PeopleSoft, Siebel, Sun products and more. Twenty-two of them are remotely exploitable. The most vulnerable issues to patch are in the Solaris operating system. Again, Oracle suggests applying the patch as soon as possible.
The next critical patch update is expected Jan. 17, followed by April 17, July 17 and Oct. 16 of 2012.