Oracle to patch 37 flaws

Article

Oracle to patch 37 flaws

Bill Brenner, Senior News Writer
Oracle Corp. plans to fix 37 flaws across its product line April 17, according to a preview of the upcoming Critical Patch Update (CPU) released late Tuesday.

Attackers could potentially exploit

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

the most severe flaws to compromise the database server or the host operating system, the Redwood Shores, Calif.-based, database giant said.

The CPU will include 13 fixes for Oracle Database, two for Oracle Enterprise Manager, one for Oracle Workflow Cartridge and one for the Ultra Search component affect code bundled with the Oracle Database. Three of these may be remotely exploited over a network without a username and password.

Five fixes are planned for Oracle Application Server, along with one Oracle Workflow Cartridge fix and one Oracle Secure Enterprise Search fix. Two of the flaws may be remotely exploited over a network without the need for a username and password.

Oracle security:
Jan. 17: Oracle releases 51 security fixes The flaws are across Oracle's product line and attackers could exploit them remotely to compromise vulnerable systems.

Podcast: The state of Oracle security: In this edition of Security Wire Weekly, Oracle DBA Jon Emmons gives his observations about Oracle's new critical patch update format.

Report: Microsoft beats Oracle on security: In a new whitepaper, security guru David Litchfield of Next Generation Security explains why Microsoft has a tighter grasp on its database defenses than Oracle.

One fix is planned for Oracle Collaboration Suite, including one Oracle Workflow Cartridge fix. Neither issue is remotely exploitable without authentication, Oracle said.

Eleven fixes are planned for Oracle E-Business Suite, two of which may be remotely exploited without authentication.

Two fixes are planned for Oracle Enterprise Manager, both of which may be remotely exploitable without authentication.

Two fixes are planned for Oracle PeopleSoft Enterprise PeopleTools, one for PeopleSoft Enterprise Human Capital Management and one for JD Edwards EnterpriseOne and JD Edwards OneWorld Tools.

If the numbers hold up when the official CPU is released, this will be one of Oracle's smallest patch loads in recent memory.

Its January CPU addressed 51 flaws, while its October 2006 CPU plugged 101 security holes.