Oracle today released its July 2012 edition of its Critical Patch Updates (CPUs). Oracle CPUs cover most of Oracle products with the exception of Oracle Enterprise Linux and Oracle Java, which receive updates on separate schedules.
This quarter’s update has a similar size to last quarter with 88 patches touching over 15 product groups, including the core RDBMS, Solaris OS, MySQL database server and Oracle’s Middleware:
- Oracle Database Server: both versions 10 and 11 are affected by five vulnerabilities. Three of the vulnerabilities are in the Oracle networking component, but two are limited to the Windows OS. The highest CVSS score is 6.8.
- Oracle Solaris: 20 vulnerabilities in Solaris itself, including the highest CVSS score of 7.8, plus an issue in the Glassfish application server and one in the iPlanet web server.
- MySQL Server: six vulnerabilities in all versions, but all requiring authentication. Highest CVSS score: 6.8.
- Oracle Fusion Middleware: 23 vulnerabilities, with 14 affecting the product Oracle Outside In Filters and one patch backporting several Java fixes into JRockIt,
The large update covering multiple products will be easier to install if a good map of the current versions exists. In any case we recommend addressing vulnerabilities on systems that are Internet accessible first, Solaris Operating System, iPlant/Glassfish and MySQL.