(LiveHacking.Com) – Oracle has released its Critical Patch Update (CPU) for January 2013. This month’s set of patches addresses 86 vulnerabilities across multiple Oracle products, excluding Java, which Oracle patches separately. This update contains the following security fixes:
- 6 for Oracle Database Server
- 7 for Oracle Fusion Middleware
- 13 for Oracle Enterprise Manager Grid Control
- 9 for Oracle E-Business Suite
- 1 for Oracle Supply Chain Products Suite
- 12 for Oracle PeopleSoft Products
- 1 for Oracle JD Edwards Products
- 10 for Oracle Siebel CRM
- 8 for Oracle Sun Products Suite
- 1 for Oracle Visualization
- 18 for Oracle MySQL

For the Oracle Database Server, the CPU contains 6 new security fixes: one fix for a vulnerability in the traditional Oracle Database Server that is not remotely exploitable, and five security fixes for the Oracle Database Mobile/Lite Server – all of which may be remotely exploitable without authentication.
There are also 7 security fixes for Solaris, none of which may be exploited remotely without authentication, and one fix for the Sun Storage Common Array Manager (CAM), which is remotely exploitable without authentication.
MySQL has been patched to fix two vulnerabilities that may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. The flaws in the MySQL protocol are present in MySQL 5.1.66 and earlier as well as 5.5.28 and earlier.
“Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible,” said the company in the update advisory.