Oracle unloads critical patch pile

By Bill Brenner, News Writer
19 Oct 2005 | SearchSecurity.com

Oracle Corp. released a mammoth security update Tuesday, fixing critical flaws malicious users could exploit to launch damaging code, bypass access restrictions, cause a denial of service or conduct cross-site scripting and SQL injection attacks.

The Redwood Shores, Calif.-based vendor offered few details on what the vulnerabilities are and where they reside, though it did describe yesterday's rollout as a critical "collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required (because of interdependencies) by those security patches."

Oracle said the vulnerabilities affect the following products:

  • Oracle Application Server 10g
  • Oracle Collaboration Suite Release 1
  • Oracle Collaboration Suite Release 2
  • Oracle Database 8.x
  • Oracle Database Server 10g
  • Oracle Developer Suite 10g
  • Oracle E-Business Suite 11i
  • Oracle Enterprise Manager 10.x
  • Oracle Enterprise Manager 9.x
  • Oracle9i Application Server
  • Oracle9i Database Enterprise Edition
  • Oracle9i Database Standard Edition
  • PeopleSoft Enterprise Customer Relationship Management (CRM) 8.x
  • PeopleSoft EnterpriseOne Applications 8.x
  • JD Edwards EnterpriseOne 8.x
  • JD Edwards OneWorld 8.x

Danish vulnerability watchdog Secunia said in an advisory that as many as 85 vulnerabilities may affect various Oracle products. Secunia said the glitches include, among other things:

  • A buffer overflow flaw and 17 PL/SQL injection vulnerabilities in Oracle Database 10g and Oracle9i Database Server.
  • A problem in which "some input passed to 'test.jsp' of the Oracle Reports Server isn't properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site."

The French Security Incident Response Team (FrSIRT) also issued an advisory on the patches, saying the flaws could be used "by remote or local attackers" to launch the various exploits.
