[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISN] Oracle set to issue new bunch of patches


By Robert McMillan
IDG news service
11 January 2008

Oracle is set to fix dozens of flaws in its software products, including 
critical bugs in the company's database, e-business suite and 
application server.

In its first security update of 2008, next Tuesday, Oracle will ship 27 
security fixes, some of which will affect several products.

Oracle releases security patches every three months, a process known as 
the Critical Patch Update (CPU). January's bug-fix total is low by 
Oracle's standards. In October, the company patched 51 vulnerabilities.

As usual, the company's database will be a major focus of the CPU. 
Oracle plans to ship eight security fixes for the Oracle Database, 
addressing bugs in the software's advanced queuing, core RDBMS, Oracle 
Agent, Oracle Spatial and XML database software.

None of the database vulnerabilities can be exploited over a network 
without the attacker first obtaining a username and password for the 

Oracle's next most-patched product will be the E-Business Suite, which 
will receive seven updates, three of which are for bugs that can be 
remotely exploited by attackers who do not have usernames or passwords 
for the system.

The Oracle Application Server will get six bug-fixes, addressing flaws 
in components such as the product's BPEL, Worklist Application, Oracle 
Forms and Oracle Internet Directory software.

Finally, Oracle is planning four updates for its PeopleSoft and JD 
Edwards products, as well as one fix each for Oracle Enterprise Manager 
and the Oracle Collaboration Suite.

Visit InfoSec News