Today Oracle published the Pre-Release Announcement for the first CPU Patch of 2013. This Critical Patch Update contains 86 new security vulnerability fixes for several Oracle products. From the Oracle database point of view, it is quite a small update. There is only one security fix for the Oracle Database Server and none for client-only installations.
Although the CVSS rating of this vulnerability is 9.0, it looks like there is no hurry to install this security fix in most database environments. This is because only the Spatial component is affected. Whether this is true, we'll see next Tuesday, when Oracle officially releases CPU / PSU January 2013. Next week I'll have a closer look.
More details about the patch will follow soon on the Oracle Security Pages.