Oracle has released a critical security patch to fix a
number of vulnerabilities in its E-Business Suite
software.
The patch has been released two months ahead of Oracle’s
scheduled quarterly security patching cycle, and may signal that
the company is moving towards more regular updates in response to
increasing threats.
The patch fixes a number of vulnerabilities in the Oracle
Diagnostics troubleshooting component of the firm’s E-Business
Suite 11i platform.
The bugs relate to the Oracle Diagnostics web pages and to the
Java classes included with the software.
One problem allows some of the diagnostics to be executed
without any authentication. The vulnerabilities could allow remote
attackers to take over company systems.
Oracle has publicised the vulnerabilities and is encouraging
users to update their systems immediately.
Oracle's next full security update is scheduled for 18
April.
Oracle has been issuing quarterly updates for a year. The
last release saw 82 bugs ironed out.