Oracle to release 41 security fixes

Oracle's Critical Patch Update repairs several serious vulnerabilities in Oracle Secure Backup, Oracle Database, Oracle Application Server and its business suite.

Oracle plans to release 41 security fixes on Tuesday as part of its quarterly Critical Patch Update (CPU). The patches repair about a dozen serious flaws across its product line.

In the Oracle prerelease announcement to customers, the vendor said the CPU contains 10 new security vulnerability fixes for the Oracle Database. The flaws can be found in Job Queue, Oracle OLAP, Oracle Spatial and Oracle Streams. They affect Oracle Database 9i, 10g and 11g.

"Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible," the Redwood Shores, Calif.-based vendor said in its prerelease announcement.

The CPU contains a security vulnerability fix for the Oracle TimesTen Data Server. A flaw in the real-time, in-memory database could be exploited remotely without authentication, Oracle said. The Common Vulnerability Scoring System (CVSS) base score of the vulnerability is 7.5.

Nine new security vulnerability fixes are planned for Oracle Secure Backup, Oracle's tape backup management software. Oracle said all the vulnerabilities may be remotely exploited without authentication. The highest CVSS base score affecting Oracle Secure Backup is 10.0 for Windows versions of the product and 7.5 for all other platforms.

Four security fixes are reserved for the Oracle Application Server. Oracle said two of them could be remotely exploitable without authentication. The highest CVSS score for the vulnerabilities was 5.0.

One fix addresses an issue with the Oracle Collaboration Suite, which provides tools and features for enterprise messaging. Oracle said the Collaborative Workspaces component of Oracle Collaboration Suite is affected by the vulnerability. Collaborative Workspaces is a program interface built on top of the collaboration suite. It allows users to share documents, schedule meetings and complete projects via a forum or email.

The CPU also has four security fixes for the Oracle E-Business Suite. Vulnerabilities can be found in Oracle iProcurement, Oracle Application Object Library and the Oracle Applications Framework and Platform Engineering.

Also, five security fixes address issues within the former BEA product line. The flaws affect Oracle WebLogic Server Plugin for Apache, Sun and IIS Web servers as well as the WebLogic Portal. Oracle said the vulnerabilities could be exploited by an attacker without authentication. The highest CVSS base score of vulnerabilities affecting Oracle WebLogic Server is 10.0 for the WebLogic Server Plugin for Apache, Sun and IIS Web servers.

Oracle released 36 security fixes in October. It patched a dangerous WebLogic flaw and 15 critical database holes.
