Oracle database administrators, start your patching engines.
According to the Redwood City, Calif., vendor’s Critical Patch Update pre-release announcement, the first quarterly update for 2008 will contain 27 security fixes across hundreds of Oracle products.
The patches are expected to ship on January 15, 2008.
Here’s the breakdown of patches affecting specific products:
Oracle Database: 8 vulnerabilities
Oracle Application Server: 6 vulnerabilities Oracle Collaboration Suite: 1 new security fix
Oracle E-Business Suite: 7 new security fixes (three of these flaws may be remotely exploited without authentication) Oracle Enterprise Manager 1 vulnerability. Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne: 4 new security fixes.
More from Brian Prince.