The Critical Patch Update for October 2006 is now available. Oracle strongly recommends applying the patches as soon as possible.
New for the October 2006 Critical Patch Update
The following improvements have been made to the advisory format:
- The risk matrices now use the Common Vulnerability Scoring System (CVSS) to summarize vulnerabilities. Oracle continues to provide additional information consistent with that in risk matrices for previous Critical Patch Updates. More information about the new risk matrix columns and Oracle’s implementation of the CVSS standard can be found in the References section.
- Each product suite contains a brief executive summary of the number and type of vulnerabilities newly fixed in this Critical Patch Update.
- Client applicability information, listing patches that need to be applied to machines other than servers, is now listed per product suite.
The Critical Patch Update Advisory on the OTN Critical Patch Updates and Security Alerts Center is the starting point for relevant information. It includes a list of products affected, pointers to obtain the patches, a summary of the security vulnerabilities, and links to other important documents.
It is essential to review the Critical Patch Update supporting documentation before applying patches, since this is where you can find important relevant information.
The next four Critical Patch Update release dates are:
- January 16, 2007
- April 17, 2007
- July 17, 2007
- October 16, 2007