Article

Oracle to patch 37 flaws

Bill Brenner
Oracle Corp. plans to fix 37 flaws across its product line April 17, according to a preview of the upcoming Critical Patch Update (CPU) released late Tuesday.

Attackers could potentially exploit

    Requires Free Membership to View

the most severe flaws to compromise the database server or the host operating system, the Redwood Shores, Calif.-based, database giant said.

The CPU will include 13 fixes for Oracle Database, two for Oracle Enterprise Manager, one for Oracle Workflow Cartridge and one for the Ultra Search component affect code bundled with the Oracle Database. Three of these may be remotely exploited over a network without a username and password.

Five fixes are planned for Oracle Application Server, along with one Oracle Workflow Cartridge fix and one Oracle Secure Enterprise Search fix. Two of the flaws may be remotely exploited over a network without the need for a username and password.

Oracle security:
Jan. 17: Oracle releases 51 security fixes The flaws are across Oracle's product line and attackers could exploit them remotely to compromise vulnerable systems.

Podcast: The state of Oracle security: In this edition of Security Wire Weekly, Oracle DBA Jon Emmons gives his observations about Oracle's new critical patch update format.

Report: Microsoft beats Oracle on security: In a new whitepaper, security guru David Litchfield of Next Generation Security explains why Microsoft has a tighter grasp on its database defenses than Oracle.

One fix is planned for Oracle Collaboration Suite, including one Oracle Workflow Cartridge fix. Neither issue is remotely exploitable without authentication, Oracle said.

Eleven fixes are planned for Oracle E-Business Suite, two of which may be remotely exploited without authentication.

Two fixes are planned for Oracle Enterprise Manager, both of which may be remotely exploitable without authentication.

Two fixes are planned for Oracle PeopleSoft Enterprise PeopleTools, one for PeopleSoft Enterprise Human Capital Management and one for JD Edwards EnterpriseOne and JD Edwards OneWorld Tools.

If the numbers hold up when the official CPU is released, this will be one of Oracle's smallest patch loads in recent memory.

Its January CPU addressed 51 flaws, while its October 2006 CPU plugged 101 security holes.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: