Oracle to release 88 security fixes

The patch batch will be issued next Tuesday

Oracle is planning to deliver 88 security fixes next Tuesday for a wide range of its products, according to a pre-release announcement posted to its website on Thursday.

A number of the bugs affect more than one product, and customers are advised to apply the patches as soon as possible, Oracle said.

[ InfoWorld's expert contributors show you how to secure your Web browsers in the "Web Browser Security Deep Dive" PDF guide. Download it today! | Learn how to secure your systems with Roger Grimes' Security Adviser blog and Security Central newsletter, both from InfoWorld. ]

Four fixes are for Oracle's database. Three of the database vulnerabilities involved can be exploited by an attacker over a network without the need for login credentials, according to Thursday's notice.

Oracle is also set to release 22 patches for its Fusion Middleware family, eight of which can be remotely exploited without a username or password, Oracle said.

The company uses the CVSS (Common Vulnerability Scoring System) to rank the seriousness of its patches. One of the fixes, for the Fusion Middleware product JRockit, has a CVSS score of 10.0, the highest on the scale.

Another 25 fixes cover weaknesses in Oracle's Sun product family, including the GlassFish application server and Solaris OS.

The patch batch will also deliver six fixes for the MySQL database. None of the weaknesses involved can be exploited remotely without credentials, Oracle said.

Other patches in the release include ones for Hyperion, Enterprise Manager Grid Control, E-Business Suite, Siebel CRM, PeopleSoft, and Oracle Industry Applications.

Oracle releases patches for its applications, middleware and infrastructure software on a quarterly basis. The last set, issued in April, also included 88 bug fixes.

It also releases patch sets for the Java SE programming language periodically, but on a different schedule from that for its other products.

Chris Kanaracus covers enterprise software and general technology breaking news for The IDG News Service. Chris's e-mail address is Chris_Kanaracus@idg.com

Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies