Oracle patch preview: prepare for a 'major' release

The ironically-acronymed CPU is a major one, the company said, and contains 109 new security vulnerability fixes across hundreds of Oracle products, including Oracle Database, WebLogic Server, PeopleSoft, Siebel, MySQL and VM VirtualBox.

Oracle warns that in every case, one or more vulnerabilities being patched may be remotely exploitable without authentication, i.e., can be exploited over a network without the need for a username and password. It’s imperative, the company said, for administrators to update their systems as quickly as possible.

“Overall, this is a big release that will keep system administrators busy on all fronts,” said Amol Sarwate, director of vulnerability labs for Qualys, in a blog post.

Especially business applications administrators, apparently: Oracle Fusion Middleware has 26 new security fixes, making it the product with the most fixes in this release by far. That’s followed by 13 for Oracle Financials. There are also nine new security fixes each for Oracle E-Business Suite, Oracle Supply Chain and PeopleSoft. Siebel CRM, Oracle Virtualization and Industry Applications have two each.

There are 18 security updates for former Sun products like GlassFish, Solaris and SPARC. MySQL gets 14 security updates.

The CPU also brings five new security fixes to the Oracle Database Server. But two of the fixes are applicable to client-only installations, i.e., installations that do not have the Oracle Database Server installed.

Last August, Oracle was forced to issue an out-of-cycle patch for a Java zero-day exploit that was rapidly making the rounds. The software giant plugged the hole, but one firm's analysis said that the patch still left vulnerabilities.
 
