Oracle’s Critical Patch Update July 2010 is out, with two easy to exploit DoS vulnerabilities in the Database network stack (although one on Windows only), and one critical vulnerability in the OLAP component – let’s just hope that this one opens the DB for attack if OLAP is actually linked in… because I guess most people’s Oracle will not have OLAP built in.
There are three more DB vulnerabilities – check the DB matrix in the appendix for details.
As usual our lucky French Eric Maurice gives the full rundown at the Oracle Security Blog.