Home > Security News > Oracle CPU to contain 51 flaw fixes
Security News:
EMAIL THIS LICENSING & REPRINTS

Oracle CPU to contain 51 flaw fixes

By SearchSecurity.com Staff
12 Oct 2007 | SearchSecurity.com

Security Wire Daily News
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google

Oracle Corp. plans to release 51 security fixes across hundreds of its products next week as part of its quarterly Critical Patch Update (CPU).

In the Oracle prerelease announcement to customers, the vendor said the CPU contains 27 fixes for the Oracle Database, five of which may be exploited remotely without the need for a username and password. The fixes address flaws in the core relational database management system, SQL execuation, Oracle Database Vault, and advanced queuing.

Oracle security updates:
July - Oracle patches 45 flaws: Oracle stuffed 45 security updates into its July 2007 CPU, fixing flaws across its product line attackers could exploit remotely to compromise corporate databases.

April - Oracle patches 36 holes: Oracle issued patches for 36 holes in the database management system, application server, E-Business Suite and JD Edwards and PeopleSoft software.

Jan. - Oracle releases 51 security fixes: The flaws are across Oracle's product line and attackers could exploit them remotely to compromise vulnerable systems.

The Redwood City, Calif.-based vendor said 11 security fixes plug holes in the Oracle Application Server, seven of which may be remotely exploitable without the need for a username and password. The fixes repair flaws in Oracle HTTP Server, Oracle Portal, Oracle Single Sign-On and Oracle Containers for J2EE.

Oracle began making prerelease announcements in January, emulating Microsoft when, which offers an advance notification each month on what to expect for its Patch Tuesday bulletins. Oracle said the advance summary is designed to help customers plan their patching schedules more efficiently.

Other flaws being addressed next week include holes in the Oracle E-Business Suite. The suite of applications contains eight flaws, but only one of the vulnerabilities can be remotely exploited by an attacker without authentication. Areas affected include Oracle Marketing, Oracle Quoting, Oracle Public Sector Human Resources, Oracle Exchange and Oracle Applications Manager.

Two flaws are being addressed in Oracle Enterprise Manager and three security fixes will be released for Oracle PeopleSoft Enterprise products. The PeopleSoft Human Capital Management software and PeopleTools are affected. Oracle said there are no fixes affecting JD Edwards products.

Oracle stuffed 45 security updates into its July 2007 CPU, fixing 19 flaws in Oracle Database products and 14 flaws in Oracle E-Business Suite.



Sound Off! -   Be the first to post a message to Sound Off!


Tags: Database SecuritySecuring Productivity ApplicationsPatch ManagementVIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineWebcastsWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Advanced Search | Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts