Oracle is preparing to release a critical security update for a number of its products. The update brings a total of 41 security fixes, including 10 for its database products and several for vulnerabilities with the highest possible severity rating.
is planning to deliver 41 patches
to its customers on Tuesday, Jan. 13, including
10 for its database products.
The most serious of the bugs being patched affect Oracle WebLogic Server
Plugin for Apache, Sun and IIS Web servers as well as the Windows versions of
Oracle Secure Backup. Those vulnerabilities have a CVSS (common vulnerability
scoring system) rating of 10.0, according to Oracle's advisory.
Some 17 of the vulnerabilities fixed by the update are remotely exploitable
without authentication, according to the company. Among those are the nine
flaws affecting Oracle Secure Backup, as well as the flaws affecting
Oracle WebLogic Server.
None of the 10 database flaws are remotely exploitable without
Also included in the update are security fixes for Enterprise Manager, the
TimesTen Data Server, Oracle Application Server, Collaboration Suite, Oracle
E-Business Suite and applications, PeopleSoft Enterprise and JD Edwards
The release marks the first critical patch update of
2009 for Oracle,
and is slated to come on the same day as Microsoft's