Patch/Configuration Management, Vulnerability Management

Oracle releases 51 patches

Oracle today released 51 unique fixes as part of its latest quarterly security update.

The patches are comprised of:

· 26 fixes for Oracle Database products to address 10 vulnerabilities that may be remotely exploitable without authentication;

· a dozen fixes for Application Server, remedying eight flaws that may be remotely exploitable;

· seven fixes for the E-Business Suite, which contain no remotely exploitable vulnerabilities;

· six fixes for Enterprise Manager, sewing up five remotely exploitable holes; and

· three fixes for PeopleSoft Enterprise, addressing one remotely exploitable bug.

Some of the fixes correspond to vulnerabilities across products.

The most severe vulnerabilities affect Oracle Database and E-Business Suite and are rated seven out of 10, according to Oracle's Common Vulnerability Scoring System (CVSS).

"Due to the threat posed by a successful attack, Oracle strongly recommends that fixes are applied as soon as possible," the company said today in an advisory.

For the first time, the database giant issued a pre-patch announcement that detailed its plans for today's release, much in the same way Microsoft does each month. The move was largely hailed as a way for IT administrators to get a better handle on the Oracle patching process.

But experts said Oracle - which has been forced to patch an increasing number of flaws over the past year - should concentrate on building security in.

"This is another step in the right direction by Oracle," said Paul Davie, CEO of U.K.-based database security vendor Secerno. "But users need to beware: it's not the vendor vulnerabilities they need to focus on but the critical weaknesses in their development process."

Click here to email reporter Dan Kaplan.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.