Patch batch from Oracle to include 41 fixes | SC Media
Breach, Patch management, TDR

Patch batch from Oracle to include 41 fixes

January 9, 2009
Oracle on Tuesday plans to deliver 41 security fixes, including 10 for its database products, as part of its quarterly security update.

At least 17 of the vulnerabilities addressed by the update are remotely exploitable without authentication, thus making them higher risks for exploitation, according to a pre-release announcement.

Several of the bugs received a severity rating of 10, the highest designations under Oracle's vulnerability scoring system. Those flaws are present in the Server Backup and WebLogic Server plugin for Apache, Sun and IIS web servers.

None of the flaws impacting the database garnered a rating above 5.5, and none were remotely exploitable without authentication.

Slavik Markovich, CTO of database security firm Sentrigo, said that may not matter, as the insider threat is growing and privileged users can pose great risk to a company.

"Install the patches as soon as possible," he told SCMagazineUS.com on Friday.

The update also provides fixes in the Times Ten data server, Application Server, Collaboration Suite, E-Business Suite, Enterprise Manager, PeopleSoft Enterprise and JD Edwards EnterpriseOne.

The drop by Oracle will come on the same day as Microsoft delivers just one patch for a "critical" vulnerability in Windows.



prestitial ad