The alert "Oracle Critical Patch Update - July 2006" takes the usual form of recent alerts. Credits are given to the usual suspects, Alex, David, Esteban and a couple of newer names to the Oracle security game, Dr. Christian Kleinewaechter and Swen Thuemmler. The alert covers quite a number of bug fixes, 23 database, 4 database client, 10 application server, 1 collaboration Suite, 20 E-Business Suite, 4 OEM, 2 peoplesoft and 1 JD Edwards bugs.
This quite an array of bugs for a company that has recently seemed to be getting on top of security bugs fixing. The database has a few package based bugs, these would be reasonably easy to work out how to exploit by comparing the new updated packages with the old. There is a raft of OCI bugs and also DB2 sounds like the recent 0-day exploit published on Metalink.
when will we see a CPU with one or two fixes?