Last july Oracle released a Critical Patch Update (CPU, a collection of patches for multiple security vulnerabilities) fixing 19 flaws in Oracle Database, 14 flaws in E-Business suite, 7 flaws in PeopleSoft products, 4 flaws in Application Server, and 1 in Collaboration Suite. Obviously it wasn't enough...

In a pre-release announcement to customers, Oracle announced a new CPU which will be released on october 16. This CPU will contain 51 security patchs, 27 of them are for the database, 11 for Application Server, 8 for E-Business suite, 2 for Enterprise Manager and 3 for PeopleSoft Enterprise and JDEdwards EnterpriseOne.

5 of the 27 vulnerabilities of Oracle database may be remotely exploitable without authentication, i.e. they may be exploited over a network without the need for a username and password.

The pre-release announcement :

http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2007.html