Oracle to Release 88 Security Fixes
Oracle is planning to deliver 88 security fixes next Tuesday for a wide range of its products, according to a pre-release announcement posted to its website on Thursday.
A number of the bugs affect more than one product, and customers are advised to apply the patches as soon as possible, Oracle said.
Four fixes are for Oracle's database. Three of the database vulnerabilities involved can be exploited by an attacker over a network without the need for login credentials, according to Thursday's notice.
Oracle is also set to release 22 patches for its Fusion Middleware family, eight of which can be remotely exploited without a username or password, Oracle said.
The company uses the CVSS (Common Vulnerability Scoring System) to rank the seriousness of its patches. One of the fixes, for the Fusion Middleware product JRockit, has a CVSS score of 10.0, the highest on the scale.
Another 25 fixes cover weaknesses in Oracle's Sun product family, including the GlassFish application server and Solaris OS.
The patch batch will also deliver six fixes for the MySQL database. None of the weaknesses involved can be exploited remotely without credentials, Oracle said.
Other patches in the release include ones for Hyperion, Enterprise Manager Grid Control, E-Business Suite, Siebel CRM, PeopleSoft and Oracle Industry Applications.
Oracle releases patches for its applications, middleware and infrastructure software on a quarterly basis. The last set, issued in April, also included 88 bug fixes.
It also releases patch sets for the Java SE programming language periodically, but on a different schedule from that for its other products.
Chris Kanaracus covers enterprise software and general technology breaking news for The IDG News Service. Chris's e-mail address is Chris_Kanaracus@idg.com