Oracle lands admins with 78 patches

Oracle is set to announce another mammoth quarterly patch update for security administrators on Tuesday, with over 70 fixes planned covering hundreds of products, although none of the vulnerabilities addressed have the top CVSS rating of 10.

The business software giant's Critical Patch Update for January covers the firm's Database Server, Fusion Middleware, E-Business Suite, Supply Chain, PeopleSoft, JD Edwards, Sun, Virtualisation and MySQL products.

Most heavily affected is MySQL, which Oracle has issued 27 patches for, including one vulnerability which may be remotely exploitable without the need for authentication, the firm said.

The highest CVSS-rated vulnerability, however, is one that affects the Oracle Sun Products Suite. Of the 17 vulnerabilities in the suite, six are exploitable without authentication.

Elsewhere there were three patches for Oracle Virtualisation, eight for JD Edwards, six for PeopleSoft, 11 for Fusion Middleware and just two for the firm's flagship Oracle Database Server.

"Some of the vulnerabilities addressed in this Critical Patch Update affect multiple products," the firm said in its Critical Patch Update Pre-Release Announcement.

"Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible."

The update follows a similarly hefty security release in the previous quarter when Oracle posted fixes for 56 flaws in its products.

The news also follows just a few days after Microsoft released its monthly Patch Tuesday security update, issuing seven bulletins for Windows and Office.