Oracle has published the Pre-Release Announcement for the October CPU/SPU Patch. This Critical Patch Update contains 126 new security vulnerability fixes for several Oracle products. Despite the large amount of security fixes, it is a rather small update from the database point of view. There are only two security fix for the Oracle Database Server and no for client-only installations. But it does contain the fix for Oracle Database 12c Release 1.

The announced highest CVSS rating for databases is 5.5. Because the core RDBMS is affected, it will probably make sense to install this CPU an any database environment. But this has to be verified as soon as the CPU is officially released later this week.

More details about the patch will follow soon on the Oracle Security Pages.

• Critical Patch Updates and Security Alerts
• Oracle Critical Patch Update Pre-Release Announcement – October 2013
• Or posted here 🙂