Oracle has just officially released the CPU / PSU patches for October 2011. In contrast to the previously announced 56 bug fixes, there are now 57 bug fixes. It looks like another bug fix for databases has been added to the CPU / PSU bundle. Nevertheless, none of them is remotely exploitable without authentication. None of these fixes are applicable to client-only installations. The maximum CVSS rating for the database vulnerabilities is still 6.5.
The following Database Server products are affected:
- Application Express
- Core RDBMS
- Database Vault
- Oracle Text
As I mentioned in a previous post, Oracle CPU / PSU Pre-Release Announcement October 2011, the CPU / PSU patches are available for 10g and 11g. However, downloading the 10g patches is only possible with a corresponding Extended Support contract. A brief overview of the available versions:
- Oracle Database 11.2.0.3 => no CPU/PSU bug fixes are included in the patch set
- Oracle Database 11.2.0.2 => normal CPU/PSU
- Oracle Database 11.1.0.7 => normal CPU/PSU
- Oracle Database 10.2.0.x => Extended Support contract required
A bunch of useful links around the current CPU / PSU:
- Oracle Critical Patch Update Advisory – October 2011
- Oracle Critical Patch Update October 2011 Documentation Map [ID 1339643.1]
- Patch Set Update and Critical Patch Update October 2011 Availability Document [ID 1346104.1]
- US-CERT Oracle Releases Critical Patch Update for October 2011
As well as a few generic links about CPU / PSU:
- Critical Patch Updates and Security Alerts
- Release Schedule of Current Database Releases [ID 742060.1]
- Risk Matrix Glossary – terms and definitions for Critical Patch Update risk matrices [ID 394486.1]
- Use of Common Vulnerability Scoring System (CVSS) by Oracle [ID 394487.1]
- DB, FMW, EM Grid Control, and OCS Software Error Correction Support Policy [ID 209768.1]