Oracle is set to release an update for its products Jan. 12. Among the security flaws addressed are 10 vulnerabilities in the Oracle Database.
Oracle is planning to release
that includes 24 security patches affecting numerous products,
including the Oracle Database and Oracle E-Business Suite.
The update addresses 10 security
vulnerabilities related to the database, including one in Oracle Secure Backup.
Two of the vulnerabilities can be exploited remotely without authentication,
Oracle said in a pre-patch advisory.
Oracle BEA products are the
subject of five security fixes, all of which are remotely exploitable over a
network without a user name and password. One of the security holes plugged by
the update is a flaw in Oracle JRockit with a CVSS base score of 10.0, the
highest score possible.
The update plugs three remotely exploitable
security holes in Oracle's application server, as well as providing a fix for
the PeopleSoft and JD Edwards Suite. The update also has two new security fixes
for the Oracle Primavera Products Suite and three for Oracle Application
"These vulnerabilities are not remotely
exploitable without authentication, i.e., may not be exploited over a network
without the need for a user name and password," Oracle said regarding the
More information about the critical patch update is
The update is scheduled to be released Jan. 12, the same
day as Microsoft's
Patch Tuesday fix.