Oracle releases 51 security fixes

By Bill Brenner, Senior News Writer 17 Jan 2007 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

The CPU includes 17 fixes for Oracle Database, one of which an attacker could remotely exploit without the need for a username and password. Nine flaws are addressed in Oracle HTTP Server, eight of which are remotely exploitable. Twelve fixes address flaws in Oracle Application Server, eight of which attackers could remotely exploit without a username or password.

Oracle security: Oracle responds to security critics Oracle bulletins will rank patches, offer more detail Oracle emulates Microsoft with advance patch notice Podcast:The state of Oracle security

The database giant released seven fixes for flaws in Oracle E-Business Suite, including one in the Oracle Workflow Cartridge. "None of these vulnerabilities may be remotely exploited without authentication," Oracle said in the CPU bulletin. The company also addressed flaws in Oracle PeopleSoft Enterprise PeopleTools and Oracle Enterprise Manager.

Last week, in its first-ever advance bulletin, the Redwood City, Calif.-based database giant predicted that it would fix 52 flaws.

Eric Maurice, Oracle's manager for security, said in the company's corporate blog that a problem was found in one of the database fixes.

"Per our policy, which is intended to ensure that all customers have an equal security posture, we removed the fix from the January CPU," he said. "We are working to resolve this issue to release the fix on all supported database versions with the next CPU in April."

Oracle will release the next CPU April 17.

Tags: Database Security Management,  Security Patch Management,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Database Security Management Oracle to buy Sun Microsystems for $7.4 billion Oracle issues 43 updates, fixes serious database flaws Information security book excerpts and reviews Kaspersky website hacked multiple times, expert says Kaspersky website hacked, customer activation codes exposed SQL injection attacks targeting Flash, JavaScript errors Fuzzing tool helps Oracle DBAs defend against SQL injection Oracle extends Audit Vault third-party database compatibility When should a database application be placed in a DMZ? Oracle patches dangerous WebLogic, Secure Backup vulnerabilities Database Security Management Research Security Patch Management Adobe fixes critical Shockwave Flash Player flaw Mozilla patches 11 Firefox security flaws, JavaScript errors Microsoft patches WebDAV security vulnerability in bevy of updates Adobe issues first quarterly patch release fixing 13 flaws Microsoft plans 10 security updates, fixing IE, Word, Excel vulnerabilities Adobe shifts to Microsoft patching process, incident response plan Software delivery could fix software patching issues Microsoft updates Office to address serious PowerPoint vulnerabilities Microsoft to patch critical PowerPoint zero-day flaw Firefox update addresses several security flaws

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary data encryption/decryption IC  (SearchSecurity.com) International Data Encryption Algorithm  (SearchSecurity.com) link encryption  (SearchSecurity.com) MD2  (SearchSecurity.com) MD4  (SearchSecurity.com) MD5  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary