Oracle plans 46 security updates for database, software

By Bill Brenner, Senior News Writer
13 Jul 2007 | SearchSecurity.com

Security Wire Daily News

Oracle Corp. plans to release 46 security updates Tuesday to fix flaws attackers could exploit across its product line to tamper with database servers and host operating systems.

According to the July 2007 Critical Patch Update pre-release announcement Oracle released Thursday, DBAs can expect fixes for Oracle Database, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business Suite and Applications, and Oracle PeopleSoft Enterprise.

The Redwood Shores, Calif.-based database giant offered the following breakdown:

  • Oracle Database is affected by 20 vulnerabilities including one in Application Express. Two of the flaws are remotely exploitable without authentication.

  • Oracle Application Server is affected by four vulnerabilities, three of which are remotely exploitable without authentication.

  • Oracle Collaboration Suite has one vulnerability that's remotely exploitable but requires authentication.

  • Oracle E-Business Suite and Applications is affected by 14 vulnerabilities, six of which are remotely exploitable without authentication.

  • Oracle PeopleSoft Enterprise PeopleTools is affected by three vulnerabilities, one of which is remotely exploitable without authentication. PeopleSoft Enterprise Customer Relationship Management is affected by two flaws, and PeopleSoft Enterprise Human Capital Management is affected by two flaws.

While details on the specific flaws have yet to be released, Cupertino, Calif.-based antivirus vendor Symantec Corp. offered customers of its DeepSight threat management service an emailed list of steps IT shops could take to reduce the risk of Oracle attacks until patches are deployed.

Steps include blocking external access at the network boundary unless external parties require service. "Configure network perimeter devices to block all access to ports and services that are not intended for public consumption," Symantec advised. "Permit access to only those services that are intended to be accessed by public users."

IT shops should also be sure to run all software as a non-privileged user with minimal access rights and implement multiple redundant layers of security, Symantec said.

"Deploy memory-protection schemes and host-based IPS on critical systems," the company added. "This tactic may complicate attempts to exploit latent vulnerabilities in protected applications and services."


