Oracle Preps Security Update with 41 Patches

Oracle is preparing to release a critical security update for a number of its products. The update brings a total of 41 security fixes, including 10 for its database products and several for vulnerabilities with the highest possible severity rating.

Oracle is planning to deliver 41 patches to its customers on Tuesday, Jan. 13, including 10 for its database products.

The most serious of the bugs being patched affect Oracle WebLogic Server Plugin for Apache, Sun and IIS Web servers as well as the Windows versions of Oracle Secure Backup. Those vulnerabilities have a CVSS (Common Vulnerability Scoring System) rating of 10.0, according to Oracle's advisory.

Some 17 of the vulnerabilities fixed by the update are remotely exploitable without authentication, according to the company. Among those are the nine flaws affecting Oracle Secure Backup, as well as the flaws affecting Oracle WebLogic Server.

None of the 10 database flaws are remotely exploitable without authentication.

Also included in the update are security fixes for Enterprise Manager, the TimesTen Data Server, Oracle Application Server, Collaboration Suite, Oracle E-Business Suite and applications, PeopleSoft Enterprise and JD Edwards EnterpriseOne.

The release marks the first critical patch update of 2009 for Oracle, and is slated to come on the same day as Microsoft's Patch Tuesday.