A new Critical Patch Update is due out tomorrow, January 12, 2010 that fixes 10 new security vulnerabilities across eight database components that include:
- Application Express Application Builder
- Core RDBMS
- Listener
- Oracle Data Pump
- Oracle OLAP
- Oracle Secure Backup
- Oracle Spatial
- Oracle Universal Installer
The fixes include one vulnerability for Oracle Secure Backup and two vulnerabilities that could be exploited remotely without authentication (no credentials required over the network). Good to know is that none of these vulnerabilities affect client-only installations (installations that do not have the Oracle Database installed).
Visit Oracle Critical Patch Update Pre-Release Announcement – January 2010 for description of other Oracle products effected.