Oracle is preparing to ship 86 patches covering security vulnerabilities in a wide span of its products, with 18 of the fixes aimed at the MySQL database alone.
Two of the MySQL vulnerabilities can be exploited by an attacker remotely without the need for a user name and password, according to a pre-release announcement posted on Oracle's website. At least one has a "base score" of 9.0 on the CVSS (Common Vulnerability Scoring System), which runs from 1 to 10, with 10 being the most dangerous.
[ Andrew C. Oliver answers the question on everyone's mind: Which freaking database should I use? | Keep up with the latest approaches to managing information overload and compliance in InfoWorld's Enterprise Data Explosion Digital Spotlight. ]
The patch batch, which is scheduled for Tuesday, also includes one fix for Oracle's flagship database, including versions 10g R2, 11g R, and 11gR2. While the vulnerability in question also has a CVSS base score of 9.0, it can't be exploited remotely without credentials, according to the announcement.
But another five patches will be shipped for Oracle Database Mobile/Lite Server, and all of them are remotely exploitable without requiring authentication, Oracle said. This grouping's highest CVSS base score is 10.0, according to Oracle.
Various components of Oracle Fusion Middleware, including WebLogic Server and Access Manager, will receive seven patches.
Some 13 patches concern Oracle Enterprise Manager Grid Control. All are exploitable remotely without credentials.
The remaining fixes set to ship Tuesday cover Oracle applications such as E-Business Suite and JD Edwards, as well as the Sun Storage Common Array Manager and Oracle's virtualization technology.
Oracle's last patch release, which came in October, fixed 109 problems.
Chris Kanaracus covers enterprise software and general technology breaking news for The IDG News Service. Chris' email address is Chris_Kanaracus@idg.com.