Oracle has released 88 security patches as part of its scheduled April Critical Patch Update (CPU), ten more than on its last patch day in January. One of the patches addresses a series of vulnerabilities in the Java JRockit VM with a CVSS Base Score of 10.0, the highest possible score in the Common Vulnerability Scoring System. Oracle also closed holes with a CVSS score of 9.0 in Grid Engine and in the Windows version of the database component Spatial (in non-Windows versions this flaw scores 6.5). All other vulnerabilities have scores of 7.5 or lower.
Of the 88 released updates, 6 patch holes directly in Oracle's Database Server and 6 others might affect it indirectly via Enterprise Manager Grid Control. Of the Grid Control vulnerabilities, 4 can be exploited remotely without authentication. The Oracle Fusion middleware software received 11 advisories, some of which affect Java and therefore also JRockit. Additionally, 17 patches have been released for Oracle FLEXCUBE, 11 affect PeopleSoft Enterprise and 6 relate to MySQL. Oracle has released several patches for Solaris as well.
Details about the patched vulnerabilities are still sparse, as the company is trying to prevent attackers from reverse engineering the fixes before its customers have had a chance to deploy them. In an earlier out-of-band update to MySQL, this strategy failed when Oracle accidentally released a proof of concept for exploiting a vulnerability along with a security patch.
Continued: http://www.h-online.com/security/news/item/Oracle-patch-day-addresses-88-vulnerabilities-1541933.html
Oracle fixes 88 security vulnerabilities
Oracle Fixes 88 Bugs with April 2012 Critical Patch Update
See: Vulnerabilities / Fixes - April 18, 2012