Oracle released it's quarterly accumulated patches today.

For those that do patch their databases, I'd suggest you round up your DBAs and run over these with them as well as your server administrators who'll get potentially a lot more work as well on "reboot wednesday".

Oracle released fixes for:

• Oracle Database (9 vulnerabilities),
• Oracle Application Server (7 vulnerabilities),
• Oracle Collaboration Suite (1 vulnerability),
• Oracle E-Business Suite and Applications (5 vulnerabilities),
• Oracle enterprise manager (2 vulnerabilities),
• Oracle PeopleSoft and JD Edwards Applications (5 vulnerabilites),
• Oracle Siebel (6 vulnerabilities), or
• BEA Product Suite (6 vulnerabilities)

If you run any of them, you need to review the fixes available. Oracle does provide CVSS ratings for the vulnerabilities.

When two monster patch cycles collide on the same day, I guess a few will get overworked. Same thing is likely to reoccur on their next scheduled release on January 13th, 2009.

--
Swa Frantzen -- Section 66