Oracle's Critical Patch Update Includes 66 Fixes
Oracle's release this week of the first Critical Patch Update (CPU) for 2011 fixes 66 vulnerabilities across its software portfolio. The largest category of patched software is Oracle's Sun Products suite with 23 fixes. The January CPU also marks the seventh anniversary of the CPU program at Oracle (NASDAQ: ORCL).
Last year the CPU program expanded with the addition of the Sun product lineup, which is well represented in the January update. The most severe of the Sun fixes are for the Solaris operating system, where Oracle has rated a flaw 10.0 on the CVSS (Common Vulnerability Scoring System). That Solaris flaw affects Solaris versions 8, 9 and 10 and is related to the calendar manager service daemon.
Of the 21 security fixes in total across the Sun portfolio, nine are tagged as being remotely exploitable without user authentication.
Also noteworthy in the CPU release is the Open Office suite, which Oracle identified as having two flaws, both of which are remotely exploitable without user authentication. The Open Office flaw affects version 3.2.1 of the open source office suite and is related to how the program handles Microsoft PowerPoint attachments. Oracle's recently released Oracle Open Office 3.3 is not listed as being affected by the two flaws.
While Oracle touted the transparency of its CPU program, at least one security vendor criticized Oracle's approach. eSecurity has all the details.