A total of 11 security fixes in the company's upcoming Critical Patch Update address issues in Oracle database products.Oracle is preparing to release 45 security fixes across hundreds of its
products July 15 as part of its upcoming Critical Patch Update.
Although specific details about the vulnerabilities are scarce in the
advisory, the most serious vulnerabilities, according to CVSS base scores,
affect Oracle Application Server and Oracle WebLogic Server. In both
cases, the highest score is 6.8.
All nine of the security fixes in the CPU that address
vulnerabilities in Oracle Application Server can be exploited
remotely without authentication. According to Oracle, none of these fixes apply
to client-only installations. The components affected by the flaws include
Hyperion BI Plus (formally Hyperion Performance Suite), Oracle HTTP Server,
Oracle Internet Directory and Oracle Portal.
There are seven security fixes for Oracle WebLogic Server, three of
which can be exploited remotely without authentication.
The company's database products also have their share of fixes in the
releasea total of 11though none of them can be exploited remotely. The
vulnerabilities affect a number of Oracle database components, including
Advanced Querying, Advanced Replication and the core RDBMS (relational DBMS).
The release also contains three fixes affecting the Oracle
TimesTen In-Memory Database, two for Oracle Enterprise Manager, six for Oracle
E-Business Suite and Applications, and seven patches addressing vulnerabilities
in Oracle PeopleSoft Enterprise products.
The 45 security patches would bring the total for the
year to 112 vulnerabilities patched. After July 15, the next CPU release is
slated for Oct. 14.
