According to an alert issued by the vendor, the vulnerability can be remotely exploited by an unauthenticated user to compromise a system

The following versions are affected:

Oracles usual pre-release for the CPU (Critical Patch Update) for October has been released. The pre-release document is usually released the Thursday before the CPU; the CPU is due out next Tuesday the 20th October. The CPU should have been out this Tuesday though but Oracle delayed this CPU because of Open World.

I got an email from Oracle support last night to tell me that the next Oracle Critical Patch Update, the CPU for October: Here is the email (There are no privacy statements so I am guessing its OK to reproduce the whole email):

Oracle database administrators who are worried they might have to skip Oracle's user conference next month to fiddle with security updates can relax. Oracle is cutting them a break and releasing its next set of patches a week later than planned.

The updates, which are released on a set schedule every three months, had been due for release on Oct. 13, slap in the middle of Oracle's OpenWorld conference in San Francisco. But after thinking things over, Oracle has decided to delay the patches. They're now due on Oct. 20.

Check out the updated Solaris resources in the Patching Center and the updated Solaris Install docs in the Solaris documentation hub.

To read the entire article at its source, please refer to Updated: Sys Admin Resources for the Solaris OS on BigAdmin

Oracle Corporation (NasdaqGS: ORCL) has released new Enterprise Linux  patches – this time updating the distributions’ subversion source code repository product, libxml, and apr.

Oracle has now provided a Patch Set Update (PSU) policy in conjunction with the existing Critical Patch Updates. Both patches will be delivered quarterly (Jan,Apr,Jul,Oct) and the PSU will contain the CPU so it is a bit of no-brainer to move to PSU patching if you already perform CPU patching.

For the last three years, as we have released each Critical Patch Update (CPU), we have been simultaneously posting a summary of the CPU on this blog (see for example, the last blog entry discussing CPUJul2009).

Oracle released the nineteenth Critical Patch Update (CPU) on Tuesday, July 14, 2009 (CPU July 2009/CPUJul09). This quarter is the same as the previous eighteen with many patches and long hours in order to get all the security patches applied in a timely manner. Around 12 of the 30 vulnerabilities fixed impact the Oracle E-Business Suite.  Fortunately like the last few quarters, this quarter there are no new Oracle Application Server or Developer 6i patches required for the Oracle E-Business Suite 11i.

Oracle's quarterly security update includes 10 security patches for its database and also other fixes, reports Computerworld.

Oracle on Tuesday released its latest quarterly patch update, which includes 10 security fixes for its database and also addresses a range of vulnerabilities across the vendor's applications portfolio.

Oracle on Tuesday released its latest quarterly patch update, which includes 10 security fixes for its database and also addresses a range of vulnerabilities across the vendor's applications portfolio.

For businesses, today is a Patch Tuesday double-whammy.

Just hours after Microsoft shipped six bulletins to cover multiple flaws in Windows and Internet Explorer, Oracle is getting set to release its quarterly batch of Critical Patch Updates with fixes for at least 33 security vulnerabilities.

According to Oracle:

Oracle on Tuesday released its latest quarterly patch update, which includes 10 security fixes for its database and also addresses a range of vulnerabilities across the vendor's applications portfolio.

Among the 10 database vulnerabilites, three can be exploited across a network without a user name or password. Affected database components include advanced replication, network authentication, Secure Enterprise Search and configuration management, Oracle said.

Oracle's latest patch update fixes critical flaws in two key software products and other flaws across the product line, but Oracle could do more to help administrators.

Oracle today aimed to plug dozens of vulnerabilities in its latest quarterly bundle of patches, with fixes for its BEA product suite and its flagship database as some of the most significant.

Oracle Corp. issued 43 fixes Tuesday as part of its quarterly Critical Patch Update, repairing flaws in its database management system, application server and application product lines.