I got an email from Alex Kornbrust this morning forwarding me an email sent by Oracle today 7th July and issued to all Oracle customers that had downloaded the Critical Patch Update for April 12 from their website. I did not receive this email myself yet. The email starts by saying that the person receiving it is doing so because they downloaded CPU 12 April for Oracle database versions 126.96.36.199, 188.8.131.52, 10.1.0.2, 10.1.0.3 and 10.1.0.4. It goes on to say that a step has been missed from the installation script that caused a JAR file to not be uploaded to the database. If you have not installed the JVM then there is no issue.
It goes on to say how to correct the problem after completing the installation of CPU 12 April. First start up the databases running out of the ORACLE_HOME that has been patched. For each database in the ORACLE_HOME being patched connect to the database with SQL*Plus as SYSDBA and issue the following command:
SQL> exec sys.dbms_java.loadjava('-v -f -r -s -g public rdbms/jlib/CDC.jar');
The email goes on to express apologies.
If you have installed CPU 12 April and if you have also installed the JVM then I urge you to follow these above instructions as your database is currently vulnerable.