Oracle has released its Critical Patch Update for October 2009 to address 38 vulnerabilities across several database and server products. The update contains the following security fixes:

• 16 for the Oracle Database
• 3 for the Oracle Application Server
• 8 for the Oracle E-Business Suite and Applications
• 4 for the Oracle PeopleSoft and JD Edwards Suite
• 6 for the Oracle BEA Products Suite
• 1 for the Oracle Industry Applications Products Suite

Oracle users and administrators should immediately review the October Critical Patch Update and apply any necessary updates.

Alexander Kornbrust of Red Database Security has more details including a claim that there are more than 20 unfixed issues still pending.