I was out of office when the April CPU / PSU was officially released by Oracle and missed writing a blog post about it. Nevertheless, I’ll now take the chance to put together some information and links around the latest CPU.
The current CPU / PSU patches are available for 10g and 11g, though downloading the 10g patches is only possible with a corresponding Extended Support contract.
Overall, Oracle addressed 88 vulnerabilities across several Oracle products in this security advisory. Six of these fixes are for the Oracle Database Server and one is for client-only installations. The maximum CVSS base score for pure Oracle Database Server vulnerabilities is 9.0, which is quite high. But the real news is not the security fixes with a CVSS of 9.0 but old vulnerabilities that have not been fixed; Oracle addressed them with a dedicated alert, Oracle Security Alert for CVE-2012-1675. The alert is related to an issue identified by Joxean Koret sometime in 2008 and known as TNS Poison. I’ll post a few comments on this later this week.
Affected database components according to the Database Server Risk Matrix:
- Core RDBMS (mainly Oracle Net)
- OCI
- Application Express
- Enterprise Manager Base Platform
The Database Server patches are available for Oracle Database 11g Release 2 (11.2.0.2, 11.2.0.3), Oracle Database 11g Release 1 (11.1.0.7) and Oracle Database 10g Release 2 (10.2.0.3, 10.2.0.4, 10.2.0.5). There is no patch available for Oracle Database 10g Release 1 (10.1.0.5).
- Oracle Database 11.2.0.3 => normal CPU/PSU
- Oracle Database 11.2.0.2 => normal CPU/PSU
- Oracle Database 11.1.0.7 => normal CPU/PSU
- Oracle Database 10.2.0.x => normal CPU/PSU
A bunch of useful links around the current CPU / PSU:
- Oracle Critical Patch Update Advisory – April 2012
- Oracle Critical Patch Update April 2012 Documentation Map [1395797.1]
- Patch Set Update and Critical Patch Update April 2012 Availability Document [1406574.1]
- The security alert published after the Critical Patch Update advisory: Oracle Security Alert for CVE-2012-1675. I’ll write more about it in a separate post.
As well as a few generic links about CPU / PSU:
- Critical Patch Updates and Security Alerts
- Release Schedule of Current Database Releases [ID 742060.1]
- Risk Matrix Glossary – terms and definitions for Critical Patch Update risk matrices [ID 394486.1]
- Use of Common Vulnerability Scoring System (CVSS) by Oracle [ID 394487.1]
- DB, FMW, EM Grid Control, and OCS Software Error Correction Support Policy [ID 209768.1]
Thanks a lot!!!