Oracle Critical Patch Update for October, 2010 to fix 81 Vulnerabilities
Oracle issued a Pre-Release Announcement this week, providing advance information about the Oracle Critical Patch Update to be released on Tuesday, October 12, 2010.
According to Oracle, the upcoming “Critical Patch Update” will contain 81 new security vulnerability fixes across hundreds of Oracle products. 31 out of 81 vulnerabilities are in the Oracle Sun Products Suite. Some of the vulnerabilities addressed in this Critical Patch Update affect multiple products. Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible.
Affected Products and Components
Security vulnerabilities addressed by the Critical Patch Update coming Tuesday, October 12, 2010 affect the following products:
Oracle Database 11g Release 2, version 18.104.22.168
Oracle Database 11g Release 1, version 22.214.171.124
Oracle Database 10g Release 2, versions 10.2.0.3 and 10.2.0.4
Oracle Database 10g, Release 1, version 10.1.0.5
Oracle Fusion Middleware, 11gR1, versions 126.96.36.199.0 and 188.8.131.52.0
Oracle Application Server, 10gR3, version 10.1.3.5.0
Oracle Application Server, 10gR2, version 10.1.2.3.0
Oracle BI Publisher, versions 10.1.3.3.2, 10.1.3.4.0 and 10.1.3.4.1
Oracle Identity Management 10g, versions 10.1.4.0.1 and 10.1.4.3
Oracle E-Business Suite Release 12, versions 12.0.4, 12.0.5, 12.0.6, 12.1.1 and 12.1.2
Oracle E-Business Suite Release 11i, versions 11.5.10 and 184.108.40.206
Agile PLM, version 220.127.116.11
Oracle Transportation Management, versions 5.5, 6.0, and 6.1
PeopleSoft Enterprise CRM, FMS, HCM and SCM (Supply Chain), versions 8.9, 9.0 and 9.1
PeopleSoft Enterprise EPM, Campus Solutions, versions 8.9 and 9.0
PeopleSoft Enterprise PeopleTools, versions 8.49 and 8.50
Siebel Core, versions 7.7, 7.8, 8.0 and 8.1
Primavera P6 Enterprise Project Portfolio Management, versions 18.104.22.168 and 22.214.171.124
Oracle Sun Product Suite
Vulnerabilities fixed by Critical Patch Updates are scored using the standard CVSS 2.0 scoring (see Oracle’s Use of CVSS Scoring). The highest CVSS 2.0 Base Score for vulnerabilities in this Critical Patch Update is 10.0 for vulnerability affecting Solaris Scheduler.
For additional details visit the Oracle Technology Network information page here.