Today, October 20, Oracle releases its quarterly CPU. There are lots of vulnerabilities DBAs must act upon ASAP. I specially want to point out that, although it "only" addresses 38 vulnerabilities...

• 16 fixes address flaws in the Oracle database (six can be exploited remotely without user interaction)
• 3 fixes address flaws in the Oracle Application Server (two can be exploited remotely without user interaction)
• 8 fixes address flaws in the Oracle Applications Suite (five can be exploited remotely without user interaction)

More (advance) information in the pre-release announcement, and in a few hours...:

http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2009.html

--
Raul Siles
www.raulsiles.com