While Java is getting 51 fixes, Oracle’s namesake database is only receiving two fixes in the October CPU. Oracle’s Fusion middleware is not as lucky—receiving 17 security fixes, 12 of which patch vulnerabilities that are remotely exploitable without authentication. The Oracle and Sun Systems Products Suite is being updated with 12 patches, with five of the issues being vulnerabilities that are remotely exploitable without authentication.
The size of the overall Oracle October CPU is cause for concern for some security experts. Kandek noted that he’s not certain if having the Java patches as part of the regular Oracle CPU is a good thing.
“Normally I would say yes, because it is good to have as much predictability as possible, but on the other hand, the bigger the CPU becomes, the more likely IT admins will feel overwhelmed,” Kandek said. “It is formally the right thing to do; let’s see how it will work out workload-wise for IT.”