H Security – (International) Oracle's July patch day brings 87 security updates. In its planned July Critical Patch Update (CPU), Oracle released 87 security updates to fix various vulnerabilities across many product families. The updates affect products including Oracle Fusion Middleware 11g, Oracle Database 10g and 11g, and MySQL. One of the holes was given the highest possible CVSS score of 10.0; it was closed in the JRockit Java Virtual Machine, which is part of Oracle Fusion. Holes were also closed in other Fusion components including Enterprise Manager for Fusion Middleware, Oracle HTTP Server, MapViewer, Outside In Technology, and Portal. The vulnerabilities that affect the Database Server were fixed in the Enterprise Manager for Oracle Database, in Core RDBMS, and in the network layer. Here, the highest CVSS score is 6.8; none of the holes in MySQL exceed this rating either. The company released security updates for Oracle Siebel CRM, Enterprise Manager Grid Control 10g and 11g, Hyperion BI+, Solaris, Solaris Cluster, the SPARC T-Series, the Glassfish Enterprise Server, and the Oracle iPlanet Web Server. Many of the closed holes can be exploited by remote attackers without authentication. Java is not affected by this CPU, as Oracle is planning to provide the next Java update with its October CPU.
Ali Loney, on July 18, 2012