Oracle releases patches for all of its software except Java quarterly, in a set of patches it calls a Critical Patch Update (CPU). The next CPU is due on Tuesday, April 19th. Oracle is planning on releasing 73 security patches for various software products in that CPU, including 6 for its flagship database software. Two of the database vulnerabilities are considered critical, meaning they may be exploited over a network without the need for a username and password.
9 patches are expected for Oracle Fusion middleware, 14 for PeopleSoft Suite, and 8 for JD Edwards Suite. Oracle will patch many of its Sun products, including Solaris, and some of the Java server software. However, the widely used Java SE and Java for Business client software are not scheduled to be updated in this release. The June 7th and Oct. 18th CPUs are expected to include the Java platform. Definitiely out of synch with the next CPU for the rest of Oracle’s products, which is due July 19th.