Oracle releases critical security patch set

Oracle on Tuesday brought out the first release of its Critical Patch Update, which contains software patches for security vulnerabilities in a wide variety of Oracle products. The software is the first such release since Oracle decided last November to begin releasing security patches on a quarterly cycle.

The update contains patches for a wide array of security vulnerabilities found in Oracle's database, application server, collaboration suite and e-business suite and is available to customers who have purchased Oracle's Extended Maintenance Support or Extended Support plans.

Included in the update is a fix for a vulnerability discovered by security software vendor Next Generation Security Software that allow attackers to gain unauthorized privileges or commit buffer overflow attacks on Oracle's database software. The company said it will reveal more details on these vulnerabilities in April, in order to give database administrators time to test and apply the patches.

Oracle decided to begin delivering its security patches on a quarterly basis to simplify the update process for its users, the company said last November.

In the past Oracle had released patches as soon as they were ready for all supported product releases and platforms, but customers found this method unpredictable and disruptive, as users were often caught off guard by patch releases.

More information on the patches can be found here: http://www.oracle.com/technology/deploy/security/alerts.htm