Oracle has recently published the Pre-Release Announcement for the CPU Patch. This Critical Patch Update contains 56 new security vulnerability fixes for several Oracle products. 4 of these fixes are just for the Oracle Database Server, but none of them is for client-only installations. The maximum CVSS base score for pure Oracle Server vulnerabilities is 6.5, which is high but not critical. The following Database Server Products are affected.
- Application Express
- Core RDBMS
- Database Vault
- Oracle Text
So far the Database Server Patch’s are planned for Oracle Database 11g Release 2 (11.2.0.2), Oracle Database 11g Release (11.2.0.7), Oracle Database 10g Release 2 (10.2.0.3, 10.2.0.4, 10.2.0.5) and Oracle Database 10g Release 1 (10.1.0.5). There seems to be no CPU patch for 11.2.0.3.
The official release for the CPU / PSU is planned for next week 18 October 2011. More details about the patch will follow soon on the Oracle Security Pages:
Pingback: Oracle CPU / PSU Pre-Release Announcement October 2011 - Stefan Oehrli - Blogs - triBLOG
Pingback: Update: Oracle released CPU / PSU October 2011 | OraDBA
Pingback: Update: Oracle released CPU / PSU January 2012 | OraDBA