Oracle to release a mega patch tomorrow

Oracle will be releasing its January 2014 quarterly patches with 47 vulnerability fixes, 85 of them for bugs which are remotely exploitable.

According to Oracle, this group of updates affects 47 products. There are 147 bug fixes; some of the bugs affect multiple products, so the total number of vulnerabilities addressed is less than 147, but not specified.

Of these, 47 of the fixes are for vulnerabilities which can be exploited remotely without authentication, and Oracle spinners said that the fix should be applied as soon as possible.

Most of the 36 of the fixes will be for Java 7 SE products, 34 of them vital.

Some 25 fixes will be released for various products in Oracle’s Fusion Middleware, including WebCenter and GlassFish Server. Twenty-two of them concern weaknesses that can be remotely exploited without the need for a user name and password.

Sixteen patches are aimed at Oracle’s supply chain software, with six of them remotely exploitable without authentication. Another 17 fixes cover PeopleSoft applications, five for Oracle’s database, 11 for the Solaris OS, and nine for Oracle’s virtualisation software.

There will be five patches for Oracle’s database, as well as 18 for MySQL, according to the announcement.

Oracle released 127 bug fixes in its last release, which came in October. That update included 51 fixes for Java. Oracle tends to issue its patches on the same day as Microsoft, so that administrators can roll them all out at once.