Home > Security News > Oracle to patch 37 flaws
Security News:
EMAIL THIS LICENSING & REPRINTS

Oracle to patch 37 flaws

By Bill Brenner, Senior News Writer
10 Apr 2007 | SearchSecurity.com

Security Wire Daily News
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google

Oracle Corp. plans to fix 37 flaws across its product line April 17, according to a preview of the upcoming Critical Patch Update (CPU) released late Tuesday.

Attackers could potentially exploit the most severe flaws to compromise the database server or the host operating system, the Redwood Shores, Calif.-based, database giant said.

The CPU will include 13 fixes for Oracle Database, two for Oracle Enterprise Manager, one for Oracle Workflow Cartridge and one for the Ultra Search component affect code bundled with the Oracle Database. Three of these may be remotely exploited over a network without a username and password.

Five fixes are planned for Oracle Application Server, along with one Oracle Workflow Cartridge fix and one Oracle Secure Enterprise Search fix. Two of the flaws may be remotely exploited over a network without the need for a username and password.
Oracle security:
Jan. 17: Oracle releases 51 security fixes The flaws are across Oracle's product line and attackers could exploit them remotely to compromise vulnerable systems.

Podcast: The state of Oracle security: In this edition of Security Wire Weekly, Oracle DBA Jon Emmons gives his observations about Oracle's new critical patch update format.

Report: Microsoft beats Oracle on security: In a new whitepaper, security guru David Litchfield of Next Generation Security explains why Microsoft has a tighter grasp on its database defenses than Oracle.

One fix is planned for Oracle Collaboration Suite, including one Oracle Workflow Cartridge fix. Neither issue is remotely exploitable without authentication, Oracle said.

Eleven fixes are planned for Oracle E-Business Suite, two of which may be remotely exploited without authentication.

Two fixes are planned for Oracle Enterprise Manager, both of which may be remotely exploitable without authentication.

Two fixes are planned for Oracle PeopleSoft Enterprise PeopleTools, one for PeopleSoft Enterprise Human Capital Management and one for JD Edwards EnterpriseOne and JD Edwards OneWorld Tools.

If the numbers hold up when the official CPU is released, this will be one of Oracle's smallest patch loads in recent memory.

Its January CPU addressed 51 flaws, while its October 2006 CPU plugged 101 security holes.

Sound Off! -   


Tags: Database SecurityPatch ManagementVIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineWebcastsWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Advanced Search | Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts