Oracle Patches 82 Flaws

Download our in-depth report: The Ultimate Guide to IT Security Vendors

Share it on Twitter  
Share it on Facebook  
Share it on Google+
Share it on Linked in  
Yes, you read that headline correctly. Oracle is out with a new security patch addressing 82 vulnerabilities and security issues in various Oracle products.

Oracle's January patch is the first issued since October 2005 when the company patched 89 different vulnerabilities. Security firm Secunia has rated the January vulnerabilities as being "moderately critical."

The vulnerabilities affect Oracle Database Server versions 8.x, 9i and 10g, as well as multiple versions of Oracle Application Server, Oracle E-Business Suite 11i and Oracle Collaboration Suite.

Oracle-branded products are not the only ones at risk in this update, as it also covers J.D. Edwards Enterprise 8.x and PeopleSoft Enterprise Portal 8.x.

Oracle's advisory on the updates includes detailed risk matrices for each effected product.

Secunia wrote in its advisory that some of the vulnerabilities have an unknown impact, whereas others can be exploited to gain knowledge of certain information and overwrite arbitrary files, as well as to conduct SQL injection attacks.

Oracle first announced its quarterly patch update model in November 2004.

After surveying customers across a variety of industries, an Oracle spokesperson said, the company found that a quarterly process strikes a balance between issuing patches often enough to protect customers from serious vulnerabilities and makes it easier for them to manage the maintenance process.

This article was first published on InternetNews.com. To read the full article, click here.

Submit a Comment

Loading Comments...