Oracle to issue 59 critical patches

Oracle on Tuesday will release 59 patches to fix security weaknesses affecting hundreds of products, according to a notice on its Web site.

Twenty-one of the vulnerabilities affect products related to Solaris, the Unix operating system Oracle acquired through its purchase of Sun Microsystems. Seven of them can be exploited remotely over a network without requiring a password or username, Oracle said.

Among the Solaris products in question are OpenSSO, Solaris Studio, Sun Convergence and Glassfish Enterprise Server.

The update also includes 13 patches for Oracle's database product line. Seven are for remotely exploitable vulnerabilities in the TimesTen in-memory database component and the Secure Backup product. Those weaknesses received CVSS (Common Vulnerability Scoring System) scores of 10.0, the most severe on the scale.

Seven other fixes target Fusion Middleware products. Another 16 are for E-Business Suite, PeopleSoft, JD Edwards and other applications. One patch is included for an issue with Enterprise Manager.

Oracle recommends that users apply the patches as soon as possible, the site states.

Chris Kanaracus covers enterprise software and general technology breaking news for The IDG News Service. Chris's e-mail address is Chris_Kanaracus@idg.com