Oracle emulates Microsoft with advance patch notice

By Bill Brenner, Senior News Writer 12 Jan 2007 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

A spokeswoman for the Redwood Shores, Calif.-based database giant said the advance summary is designed to help customers plan their patching schedules more efficiently. The move is also part of the company's larger effort to make its Critical Patch Updates (CPUs) easier to digest.

Oracle patch bulletins: Podcast: The state of Oracle security (Nov. 1, 2006) Podcast: Oracle's Darius Wiles on issues with its patch process (July 20, 2006)   Column: Oracle responds to security critics News: Oracle bulletins will rank patches, offer more detail

Oracle's patching process has been criticized. Some security experts and database administrators have said the quarterly patch bulletins offered too few details on the nature of what was being fixed, and that some flaws weren't always fixed as advertised. Others have accused the company of sitting on flaws it has known about for a year or more.

The company took its first step toward improving the process last October, when it released a streamlined CPU bulletin that ranked the importance of the fixes and offered additional vulnerability details.

According to the advance bulletin released Thursday, Oracle will fix 52 flaws across its product line next week. This will include 27 fixes for flaws in Oracle Database products, 10 of which may be remotely exploitable without authentication; and 12 new fixes for flaws in the Oracle Application Server, eight of which may be remotely exploitable without authentication. Fixes are also expected for E-Business Suite, Enterprise Manager and PeopleSoft Enterprise.

"While this pre-release announcement is as accurate as possible at the time of publication, the information it contains may change before publication of the CPU advisory," Oracle said in the advance bulletin.

Tags: Database Security Management,  Security Patch Management,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Database Security Management Oracle to buy Sun Microsystems for $7.4 billion Oracle issues 43 updates, fixes serious database flaws Information security book excerpts and reviews Kaspersky website hacked multiple times, expert says Kaspersky website hacked, customer activation codes exposed SQL injection attacks targeting Flash, JavaScript errors Fuzzing tool helps Oracle DBAs defend against SQL injection Oracle extends Audit Vault third-party database compatibility When should a database application be placed in a DMZ? Oracle patches dangerous WebLogic, Secure Backup vulnerabilities Database Security Management Research Security Patch Management Adobe fixes critical Shockwave Flash Player flaw Mozilla patches 11 Firefox security flaws, JavaScript errors Microsoft patches WebDAV security vulnerability in bevy of updates Adobe issues first quarterly patch release fixing 13 flaws Microsoft plans 10 security updates, fixing IE, Word, Excel vulnerabilities Adobe shifts to Microsoft patching process, incident response plan Software delivery could fix software patching issues Microsoft updates Office to address serious PowerPoint vulnerabilities Microsoft to patch critical PowerPoint zero-day flaw Firefox update addresses several security flaws

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary data encryption/decryption IC  (SearchSecurity.com) International Data Encryption Algorithm  (SearchSecurity.com) link encryption  (SearchSecurity.com) MD2  (SearchSecurity.com) MD4  (SearchSecurity.com) MD5  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary