Oracle has released its Critical Patch Update for October 2009 to address 38 vulnerabilities across several database and server products. The update contains the following security fixes. Alexander Kornbrust of Red Database Security has more details including a claim that there are more than 20 unfixed issues still pending. The latest update addresses 38 vulnerabilities in the Oracle Database, Oracle Application Server and Oracle E-Business Suite products, Oracle PeopleSoft, Oracle BEA Products Suite and Applications Applications Products Suite. The update also addresses 38 issues in Oracle Database and Application Server products.
Source: https://threatpost.com/oracle-releases-critical-patch-update-102109/72439/