Oracle on Tuesday plans to release patches for 56 new vulnerabilities in a huge number of its products through its scheduled quarterly critical patch update. The company said that the various vulnerabilities in this month’s CPU affect hundreds of Oracle products.
The most serious group of vulnerabilities that will be patched on Tuesday is a set of 22 flaws in the Oracle Sun Products Suite, a collection of technologies that formerly belonged to Sun Microsystems, including the Solaris operating system and SPARC servers. That vulnerability set includes nine bugs that attackers can exploit remotely without authentication. The products affected by these bugs include:
- Oracle Communications Unified
- Oracle GlassFish Server
- Oracle OpenSSO
- Oracle Waveset
- Solaris
- SPARC T3, Netra SPARC T3, Sun Fire, Sun Blade
Among the other products involved in the October CPU is the Oracle Database Server, which contains four new vulnerabilities that the company is patching today. None of these flaws can be exploited remotely by an unauthenticated attacker, the company said in its advisory.
Also on Tuesday Oracle will release a set of fixes for the Jave SE platform, which will include patches for 20 vulnerabilities, 19 of which can be exploited remotely by an unauthenticated attacker. The company said that at least one of the vulnerabilities has the highest possible severity rating on the CVSS scale, which is 10.