IT admins would do well to prepare themselves for a rather large collection of security
updates that Oracle
is planning to release this Thursday. The updates are supposed to fix precisely 113 security vulnerabilities that a apply to hundreds of versions of the company's products, including Database, Fusion Middleware, Solaris, MySQL Server, and many more.
"A Critical Patch Update is a collection of patches for multiple security vulnerabilities. This Critical Patch Update contains 113 new security vulnerability fixes across hundreds of Oracle products," Oracle explain in a blog post. "Some of the vulnerabilities addressed in this Critical Patch Update affect multiple products. Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible."
This collection of updates didn't come out of the blue, but is part of Oracle's quarterly update schedule. Among them are fixes for 20 vulnerabilities in Java SE, all of which the company said are remotely exploitable without authentication (no username or password needed).
There are also 10 new security fixes for MySQL, though Oracle says none of them can be exploited by a remote attacker without authentication.