Oracle CPU / PSU Pre-Release Announcement October 2011

Oracle has recently published the Pre-Release Announcement for the CPU Patch. This Critical Patch Update contains 56 new security vulnerability fixes for several Oracle products. 4 of these fixes are just for the Oracle Database Server, but none of them is for client-only installations. The maximum CVSS base score for pure Oracle Server vulnerabilities is 6.5, which is high but not critical. The following Database Server Products are affected.

  • Application Express
  • Core RDBMS
  • Database Vault
  • Oracle Text

So far the Database Server Patch’s are planned for Oracle Database 11g Release 2 (, Oracle Database 11g Release (, Oracle Database 10g Release 2 (,, and Oracle Database 10g Release 1 ( There seems to be no CPU patch for

The official release for the CPU / PSU is planned for next week 18 October 2011. More details about the patch will follow soon on the Oracle Security Pages: