Oracle has published the Pre-Release Announcement for the July 2014 Critical Patch Update. It looks like the next Critical Patch Update is somewhat more extensive from the database point of view. It contains six bug fixes for some major security issues. Some of the vulnerabilities may be remotely exploitable without authentication. The security bug fixes are for the Oracle Database Server as well as for client-only installations.
The highest CVSS Base Score of vulnerabilities affecting Oracle Database Server is 9.0. The following components are affected:
- Network Layer
- RDBMS Core
- XML Parser
We will see all the details next Tuesday when Oracle officially releases the Critical Patch Update for April 2014. Next week I’ll have a closer look and do some test installations.
More details about the patch will follow soon on the Oracle Security Pages.