Oracle to roll out 51 security fixes

Oracle Critical Patch Update for October 2007 will be released on Tuesday, October 16, 2007. It will contain 51 security fixes and some of the vulnerabilities addressed affect multiple products.

Security vulnerabilities addressed by this Critical Patch Update affect the following products:

  • Oracle Database 10g Release 2, versions 10.2.0.2, 10.2.0.3
  • Oracle Database 10g, version 10.1.0.5
  • Oracle Database 9i Release 2, versions 9.2.0.8, 9.2.0.8DV
  • Oracle Application Server 10g Release 3 (10.1.3), versions 10.1.3.0.0, 10.1.3.1.0, 10.1.3.2.0, 10.1.3.3.0
  • Oracle Application Server 10g Release 2 (10.1.2), versions 10.1.2.0.1 – 10.1.2.0.2, 10.1.2.1.0, 10.1.2.2.0
  • Oracle Application Server 10g (9.0.4), version 9.0.4.3
  • Oracle Collaboration Suite 10g, version 10.1.2
  • Oracle E-Business Suite Release 12, versions 12.0.0 – 12.0.3
  • Oracle E-Business Suite Release 11i, versions 11.5.8 – 11.5.10 CU2
  • Oracle Enterprise Manager Database Control 10g Release 2, versions 10.2.0.2, 10.2.0.3
  • Oracle Enterprise Manager Database Control 10g Release 1, version 10.1.0.5
  • Oracle Enterprise Manager Grid Control 10g Release 1, versions 10.1.0.5, 10.1.0.6
  • Oracle PeopleSoft Enterprise PeopleTools versions 8.22, 8.47, 8.48, 8.49
  • Oracle PeopleSoft Enterprise Human Capital Management versions 8.9, 9.0 (Absence Management Module)

Oracle Database

This Critical Patch Update contains 27 new security fixes for the Oracle Database. 5 of these vulnerabilities may be remotely exploitable without authentication, i.e. they may be exploited over a network without the need for a username and password.

The highest CVSS base score of vulnerabilities affecting Oracle Database products is 6.5 (4.2 for CVSS 1.0 scoring).

The Oracle Database components affected by vulnerabilities that are fixed in this Critical Patch Update are:

  • Advanced Queuing
  • Advanced Security Option
  • Core RDBMS
  • Export
  • Import
  • Oracle Database Vault
  • Oracle Net Services
  • Oracle Text
  • Spatial
  • SQL Execution
  • Workspace Manager
  • XML DB