Included in the database fixes are two flaws known publicly through database hacker David Litchfield and one fix for the allowed complete takeover of database and server that included the operating system.
The Oracle database, from version 9i to 11g, is included in the current Critical Patch Update.
The Critical Patch Update, from Oracle contains 47 new security fixes across Oracle products, including newly acquired Sun product lines. These collections of patches for multiple security vulnerabilities are cumulative but each advisory only describes the new fixes added since the last Critical Patch Update. Oracle advises that all customers apply CPU fixes as quickly as possible.