The largest number of fixes was for Oracle’s Financial Services Software, with a total of 17 patches. The Oracle Sun products suite contains 15 patches, including five that are remotely exploitable without authentication. Among the Sun products, the most serious of the bugs is a vulnerability in the Oracle Grid Engine that scored a 9.0 out of a possible in 10 on the CVSS 2.0 scoring system. The most critical bug overall belonged to JRockit, Oracle’s proprietary Java Virtual Machine, which scored a 10 on the CVSS scale.
No Java update is on the menu in this release, as Oracle releases those updates on a separate schedule. Java vulnerabilities have been in the news lately due to well publicized attack campaigns such as the resurgence of the Mac OS X Flashback Trojan. The vulnerability targeted in that attack was closed by Oracle in February.