Oracle announced this week that it has moved Sun Solaris onto its quarterly security patch schedule, starting with the April 2010 Critical Patch Update slated for Tuesday. This new schedule will now inform Sun Solaris users of upcoming security updates months before the patches are distributed.
Oracle also said the April update will contain 47 new security vulnerability fixes "across hundreds of Oracle products." Of those fixes, 16 will be applied to the Solaris Products Suite alone, including the Sun Ray Server, Sun Cluster, Sun Convergence, and more.
"Some of the vulnerabilities addressed in this Critical Patch Update affect multiple products," the company said. "Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible."
Of the 16 new security fixes lined up for the Solaris Products Suite, 8 address vulnerabilities that may be remotely exploitable without authentication if left unfixed. Oracle said that these vulnerabilities may be exploited over a network without the need for a username or password.
However, I think software updates should happen immediately instead of every quarter. I don't like the idea of waiting every 3 months for security patches.