Oracle Patch Batch Affects ‘hundreds’ of Products

Oracle on Tuesday will release 76 patches affecting hundreds of its products as well as Java SE.

Fifty-six of the patches are aimed at Oracle products, and due to the danger of a successful attack, customers should apply them immediately, Oracle said.

Affected products include Oracle’s 11g and 10g database; Fusion Middleware 11g, Oracle Application Server 10g; E-Business Suite releases 12 and 11i; various versions of PeopleSoft Enterprise and Siebel CRM; Oracle Linux 5; and Oracle Sun Ray.

The most serious fix is for Oracle’s Solaris OS. That vulnerability earned a 9.3 base score on the CVSS (Common Vulnerability Scoring System), the highest in the patch bundle.

None of the four database server patches can be exploited by a remote attacker without a password and username, Oracle said. However, the opposite is true for five of the 10 Fusion Middleware fixes and three of the ones for E-Business Suite.

None of the PeopleSoft bugs are remotely exploitable, but it’s possible to do so with one of the three Siebel vulnerabilities.

The other 20 patches are for Java SE and affect products such as JavaFX and JRockit. Nineteen of the 20 can be exploited remotely without authentication, Oracle said.

In terms of scope, the patch update compares closely to July’s release, which included 78 fixes.

It also aligns the patch release date for Java SE with the rest of Oracle’s products, although it wasn’t immediately clear Tuesday that this will be the plan moving forward.

Chris Kanaracus covers enterprise software and general technology breaking news for The IDG News Service. Chris’s e-mail address is Chris_Kanaracus@idg.com