Oracle over the weekend made a pre-release announcement of an upcoming 'Critical Patch Update' slated for release this Tuesday, January 12, 2010.
The upcoming patch will contain no less than 24 new security vulnerability fixes intended for hundreds of Oracle products, including the Oracle Database and Oracle E-Business Suite, the company said. Some of the bug fixes affect more than one product.
Two new security fixes for the Oracle Primavera Products Suite are also included, although Oracle said "these vulnerabilities are not remotely exploitable without authentication, i.e., may not be exploited over a network without the need for a username and password."
More info here