Oracle to release 37 security patches next week

Oracle announced late Monday that it will release 37 security fixes as part of its quarterly critical patch update scheduled for Tuesday. Thirteen of the patches address vulnerabilities in the widely deployed Oracle Database, with the highest severity rating a seven out of 10, according to a company announcement. Three of the vulnerabilities may be remotely exploitable without user authentication, making them particularly serious.

Additionally, Oracle is releasing two patches for Enterprise Manager and one each for WorkFlow Cartridge, Secure Enterprise Search and the Ultra Search component that is bundled with Oracle Database.

Another five fixes are slated for the Oracle Application Server, but the most serious of those vulnerabilities carries just a 4.2 out of 10 rating, according to Oracle, although attackers can remotely exploit two of the bugs.

The company plans an additional 11 fixes for the E-Business Suite, with two of the flaws being remotely exploitable. The most critical rating for those is also 4.2. Two patches also are slated for the Enterprise Manager and PeopleSoft Enterprise Tools.