Oracle just released a new Critical Patch Update, a collection of patches for multiple security vulnerabilities. The update also includes non-security fixes that are required by those security patches.
Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible. This Critical Patch Update contains 85 new security fixes across all product families listed below.
Affected Products and Components
Security vulnerabilities addressed by this Critical Patch Update affect the following products:
Oracle Database 11g Release 2, version 126.96.36.199
Oracle Database 11g Release 1, version 188.8.131.52
Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4
Oracle Database 10g, Release 1, version 10.1.0.5
Oracle Fusion Middleware, 11gR1, versions 184.108.40.206.0, 220.127.116.11.0
Oracle Application Server, 10gR3, version 10.1.3.5.0
Oracle Application Server, 10gR2, version 10.1.2.3.0
Oracle BI Publisher, versions 10.1.3.3.2, 10.1.3.4.0, 10.1.3.4.1
Oracle Identity Management 10g, versions, 10.1.4.0.1, 10.1.4.3
Oracle E-Business Suite Release 12, versions 12.0.4, 12.0.5, 12.0.6, 12.1.1 and 12.1.2
Oracle E-Business Suite Release 11i, versions 11.5.10, 18.104.22.168
Agile PLM, version 22.214.171.124
Oracle Transportation Management, versions 5.5, 6.0, and 6.1
PeopleSoft Enterprise CRM, FMS, HCM and SCM (Supply Chain), versions 8.9, 9.0 and 9.1
PeopleSoft Enterprise EPM, Campus Solutions, versions 8.9, 9.0 and 9.1
PeopleSoft Enterprise PeopleTools, versions 8.49 and 8.50
Siebel Core, versions 7.7, 7.8, 8.0 and 8.1
Primavera P6 Enterprise Project Portfolio Management, Versions: 126.96.36.199, 188.8.131.52
Oracle Sun Product Suite
Oracle VM, version 2.2.1
For more information do visit Oracle’s page dedicated to these patches.
At the same time, Oracle released Java SE and Java for Business Critical Patch Update Advisory for October 2010. You can see the risk matrix and read about the patches over here.
To learn more about patching challenges and techniques read our interview with Qualys CTO Wolfgang Kandek who offers his extensive knowledge on the subject.