Oracle - April Security Updates 41 patches for their product family
DBAs and Admins should deploy these patches expediently after lab testing, to ensure the best levels of security and information protection
http://isc.sans.org/diary.html?storyid=4283
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2008.html
QUOTE: Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply fixes as soon as possible. This Critical Patch Update contains 41 new security fixes across all products.
The Critical Patch Update Advisory is the starting point for relevant information. It includes a list of products affected, pointers to obtain the patches, a summary of the security vulnerabilities, and links to other important documents. Supported Products that are not listed in the "Supported Products and Components Affected" Section of the advisory do not require new patches to be applied. Also, it is essential to review the Critical Patch Update supporting documentation referenced in the Advisory before applying patches, as this is where you can find important pertinent information.
The Critical Patch Update Advisory is available at any of the following locations:
Oracle Technology Network
Oracle, PeopleSoft and JD Edwards products
The next four Critical Patch Update release dates are:
July 15, 2008
October 14, 2008
January 13, 2009
April 14, 2009