It's no-questions-asked overtime for data centre staffers again, after Oracle published its latest monster update batch on Wednesday night.

The October update covers vulnerabilities across Oracle's full software product range which is, of course, extensive. There are 36 bulletins in total. Among them are 15 updates for Oracle Database Suite, six involving Oracle Application Server and four involving E-Business Suite applications. There are a quintet of updates for Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne and six involving BEA application server tech.

One of the database vulnerabilities lends itself to remote exploitation without authentication. Two of the six Application Server flaws pose a similar risk of allowing hackers to launch attacks across the net, without the need to know either user names or passwords. A brace of Oracle E-Business server security bugs, addressed by the patch batch, also pose a critical danger. Five of the BEA bugs are also remotely exploitable.

Oracle's risk and patching matrix provides a comprehensive overview of the three dozen updates. Although none have been tied to specific hacking attacks or script-kiddie friendly exploit packages, according to security clearing houses such as US CERT and Secunia at least, early patching is still advisable. ®

Related stories

• Oracle releases whole security blanket of patches (16 April 2009)
• Solitary MS update lances critical Windows risk (14 January 2009)
• Oracle patch batch eclipses Microsoft Patch Tuesday (9 January 2009)
• Oracle tripped up by 'leap second' (7 January 2009)
• Oracle takes profit blow (19 December 2008)
• Oracle warns over unpatched vuln (29 July 2008)
• Oracle preps summer patch cluster (11 July 2008)
• Cisco hops onto patching treadmill (6 March 2008)
• Oracle readies mega-update patching 51 security holes (13 October 2007)