Oracle Lowers Patch Count in January Update

Sean Michael Kerner

Oracle users: you got off easy this time.

As part of its January Critical Patch Update (CPU), Oracle has released updates for
26 different issues affecting its applications. The January tally is nearly half of what Oracle usually updates in its last CPU, which came out in October of 2007.

The bulk of the fixes this time is related to Oracle’s Database products. In total, Oracle is patching for eight different security fixes related to Oracle’s Databases, though none is tagged with the “remotely exploitable without authentication” flaws.

The “remotely exploitable without authentication” flaws are among the most dangerous because, as the title implies, they can be remotely exploited by an attacker without authentication. Oracle first began providing details on which flaws could be exploited this way in October of
2006 when it patched 101 flaws, over half of which were labeled as remotely exploitable.

The January 2008 CPU also contains 7 new security fixes for the Oracle E-Business Suite, 3 of the vulnerabilities may be remotely exploited without authentication.

Oracle Application Server gets 6 security fixes, 5 of them being remotely exploitable. Oracle PeopleSoft Enterprise gets 4 security fixes with 1 remote exploit. Rounding out the list is 1 fix for the Oracle Collaboration Suite.

While Oracle has managed to reduce the patch load with the January CPU, some have argued that Oracle users aren’t paying as much attention to CPU’s as they should. Database security vendor Sentrigo reported that most Oracle users don’t actually patch their systems with the CPU.

There are a number of different reasons why Oracle DBAs (database
administrators) might be lax in updating with the Oracle’s CPU’s.

Ryan Barnett, director of training with Breach Security told InternetNews.com that the biggest challenge to applying CPU patches sets seems to be the extensive regression testing that is involved. Barnett commented that many organizations have mission critical systems that employ many different technologies and versions of those technologies.

This article was first published on InternetNews.com. To read the full article, click here.

Previous article
Research: Oracle Applications Not Secure
Next article
Publishing Company Settles Software Suit With SIIA
Sean Michael Kerner
Sean Michael Kerner
Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.

Latest articles

Top Cybersecurity Companies

Get the Free Newsletter!
Subscribe to Cybersecurity Insider for top news, trends & analysis
This email address is invalid.
Get the Free Newsletter!
Subscribe to Cybersecurity Insider for top news, trends & analysis
This email address is invalid.

Related articles

eSecurity Planet is a leading resource for IT professionals at large enterprises who are actively researching cybersecurity vendors and latest trends. eSecurity Planet focuses on providing instruction for how to approach common security challenges, as well as informational deep-dives about advanced cybersecurity topics.

Advertisers

Advertise with TechnologyAdvice on eSecurity Planet and our other IT-focused platforms.

Advertise with Us

Menu

Our Brands

Property of TechnologyAdvice.
© 2023 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.