As expected, Oracle on Tuesday released 51 new security fixes for flaws across its database and application server products as well as its collaboration software and e-business suites.
Of these, 26 fixes addressed flaws in the company's database products, including 10 that the company said could be remotely exploited without the need for a username or a password. Oracle typically assigns its highest severity ratings to such flaws.
Tuesday's Critical Patch Update (CPU) from Oracle also contained 12 fixes for vulnerabilities in Oracle's Application Server software, eight of which were rated "critical" because they can be remotely exploited without any user authentication. Also included in the update were three patches for holes – including one that could be remotely exploited – in Oracle's PeopleSoft product.
The patches were released as part of Oracle's regularly scheduled quarterly security updates. The last one was in October, when the company released 101 fixes across its entire range of products.
Tuesday's update was preceded by a pre-release bulletin last week detailing the affected products, the number of vulnerabilities fixed, a severity rating score and other information designed to give administrators more time to plan their patching activities.
It's the first time Oracle has released such advance information on its patches, and the move is part of a continuing effort by the company to make its security updates easier to understand and to deploy.
"Customers have asked for a CPU summary in the past, so this will be favourably accepted," said Rich Niemiec, a former president of the International Oracle Users Group and the CEO of The Ultimate Software Consultants, a US-based consultancy firm.