Oracle has pre-released the information on the patches expected in its quarterly Critical Patch Update (CPU) on July 17. There will be 88 security patches on a variety of Oracle products, including its Oracle database servers and the former Sun products, the Solaris OS and the MySQL database.
Thirty-eight of the 88 patches are remotely exploitable without authentication and affect most of the product lines, including Solaris, Oracle RDBMS, Fusion Middleware and Siebel, a slight increase of the numbers that we saw last quarter – which were 33 remotely exploitable, also in a total of 88 patches. This quarter only MySQL and Peoplesoft have no remotely exploitable flaws. IT admins who are responsible for the other products listed should be prepared to evaluate their exposure to these flaws, especially if the machines are exposed to the Internet.
Oracle Java will not be updated next Tuesday, as it is released on a separate schedule. Java’s next versions are expected to come out in October.