Oracle Critical Patch Update for October, 2010 to fix 81 Vulnerabilities

Oracle issued a Pre-Release Announcement this week, providing advance information about the Oracle Critical Patch Update to be released on Tuesday, October 12, 2010.

According to Oracle, the upcoming "Critical Patch Update" will contain 81 new security vulnerability fixes across hundreds of Oracle products. 31 out of 81 vulnerabilities are in the Oracle Sun Products Suite. Some of the vulnerabilities addressed in this Critical Patch Update affect multiple products. Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible.

Affected Products and Components

Security vulnerabilities addressed by the Critical Patch Update coming Tuesday, October 12, 2010 affect the following products:

Oracle Database 11g Release 2, version 11.2.0.1

Oracle Database 11g Release 1, version 11.1.0.7

Oracle Database 10g Release 2, versions 10.2.0.3 and 10.2.0.4

Oracle Database 10g, Release 1, version 10.1.0.5

Oracle Fusion Middleware, 11gR1, versions 11.1.1.1.0 and 11.1.1.2.0

Oracle Application Server, 10gR3, version 10.1.3.5.0

Oracle Application Server, 10gR2, version 10.1.2.3.0

Oracle BI Publisher, versions 10.1.3.3.2, 10.1.3.4.0 and 10.1.3.4.1

Oracle Identity Management 10g, versions 10.1.4.0.1 and 10.1.4.3

Oracle E-Business Suite Release 12, versions 12.0.4, 12.0.5, 12.0.6, 12.1.1 and 12.1.2

Oracle E-Business Suite Release 11i, versions 11.5.10 and 11.5.10.2

Agile PLM, version 9.3.0.0

Oracle Transportation Management, versions 5.5, 6.0, and 6.1

PeopleSoft Enterprise CRM, FMS, HCM and SCM (Supply Chain), versions 8.9, 9.0 and 9.1

PeopleSoft Enterprise EPM, Campus Solutions, versions 8.9 and 9.0

PeopleSoft Enterprise PeopleTools, versions 8.49 and 8.50

Siebel Core, versions 7.7, 7.8, 8.0 and 8.1

Primavera P6 Enterprise Project Portfolio Management, versions 6.21.3.0 and 7.0.1.0

Oracle Sun Product Suite

Vulnerabilities fixed by Critical Patch Updates are scored using the standard CVSS 2.0 scoring (see Oracle's Use of CVSS Scoring). The highest CVSS 2.0 Base Score for vulnerabilities in this Critical Patch Update is 10.0 for vulnerability affecting Solaris Scheduler.

For additional details visit the Oracle Technology Network information page here.