Yes, you read that headline correctly. Oracle is out with a new security patch addressing 82 vulnerabilities and security issues in various Oracle products.
Oracle’s January patch is the first issued since October 2005, when the company patched 89 different vulnerabilities. Security firm Secunia has rated the January vulnerabilities as being “moderately critical.”
The vulnerabilities affect Oracle Database Server versions 8.x, 9i and 10g, as well as multiple versions of Oracle Application Server, Oracle E-Business Suite 11i and Oracle Collaboration Suite.
Oracle-branded products are not the only ones at risk in this update, as it also covers J.D. Edwards Enterprise 8.x and PeopleSoft Enterprise Portal 8.x.
Oracle’s advisory on the updates includes detailed risk matrices for each affected product.
Secunia wrote in its advisory that some of the vulnerabilities have an unknown impact, whereas others can be exploited to gain knowledge of certain information and overwrite arbitrary files, as well as to conduct SQL injection attacks.
Oracle first announced its quarterly patch update model in November 2004.
After surveying customers across a variety of industries, an Oracle spokesperson said, the company found that a quarterly process strikes a balance between issuing patches often enough to protect customers from serious vulnerabilities and making it easier for them to manage the maintenance process.