News Stay informed about the latest enterprise technology news and product updates.

Oracle to patch 37 flaws

Database giant Oracle Corp. offered a preview of its April Critical Patch Update (CPU). Fixes are planned for 37 flaws across its product line.

Oracle Corp. plans to fix 37 flaws across its product line April 17, according to a preview of the upcoming Critical Patch Update (CPU) released late Tuesday.

Attackers could potentially exploit the most severe flaws to compromise the database server or the host operating system, the Redwood Shores, Calif.-based, database giant said.

The CPU will include 13 fixes for Oracle Database, two for Oracle Enterprise Manager, one for Oracle Workflow Cartridge and one for the Ultra Search component affect code bundled with the Oracle Database. Three of these may be remotely exploited over a network without a username and password.

Five fixes are planned for Oracle Application Server, along with one Oracle Workflow Cartridge fix and one Oracle Secure Enterprise Search fix. Two of the flaws may be remotely exploited over a network without the need for a username and password.

Oracle security:
Jan. 17: Oracle releases 51 security fixes The flaws are across Oracle's product line and attackers could exploit them remotely to compromise vulnerable systems.

Podcast: The state of Oracle security: In this edition of Security Wire Weekly, Oracle DBA Jon Emmons gives his observations about Oracle's new critical patch update format.

Report: Microsoft beats Oracle on security: In a new whitepaper, security guru David Litchfield of Next Generation Security explains why Microsoft has a tighter grasp on its database defenses than Oracle.

One fix is planned for Oracle Collaboration Suite, including one Oracle Workflow Cartridge fix. Neither issue is remotely exploitable without authentication, Oracle said.

Eleven fixes are planned for Oracle E-Business Suite, two of which may be remotely exploited without authentication.

Two fixes are planned for Oracle Enterprise Manager, both of which may be remotely exploitable without authentication.

Two fixes are planned for Oracle PeopleSoft Enterprise PeopleTools, one for PeopleSoft Enterprise Human Capital Management and one for JD Edwards EnterpriseOne and JD Edwards OneWorld Tools.

If the numbers hold up when the official CPU is released, this will be one of Oracle's smallest patch loads in recent memory.

Its January CPU addressed 51 flaws, while its October 2006 CPU plugged 101 security holes.

Dig Deeper on Database Security Management-Enterprise Data Protection

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.