I wanted to emphasise this as I have just seen this morning a post to the comp.databases.oracle.server newsgroup where someone is asking about the availability of additional information about these bugs. This type of request is not the first I have seen on mailing lists and newsgroups. If this increases or the information becomes more readily available then some companies are going to have problems. Exploits are not just used by internet based hackers they can also be used internally by employees.
Apply the patches soon if you have not done so already.