Oracle patches 59 flaws

Oracle has excelled itself again with a mammoth Critical Patch Update (CPU), releasing a whopping 59 fixes yesterday, including 21 for its Sun Products Suite.

Among the highest severity vulnerabilities, given a CVSS base score of 10.0, are a flaw in the TimesTen In-Memory Database and two in the Oracle Secure Backup product.

There were 17 fixes in total scheduled for Oracle applications including PeopleSoft and JDEdwards suite, the Supply Chain Products suite and the E-Business suite.

However, the biggest set of fixes was reserved for Sun's Solaris products.

"Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible," noted the CPU.

"Until you apply the CPU fixes, it may be possible to reduce the risk of successful attack by restricting network protocols required by an attack."

Removing user privileges or the ability to access certain packages from users that do not need the privileges may help reduce the risk of successful attack, although must only be seen as a temporary solution, said Oracle.

It will be a busy time for security administrators, who also had to cope with the latest Patch Tuesday from Microsoft, which saw the release of four fixes for five vulnerabilities capable of allowing remote code execution attacks.