Oracle has released a critical patch update to fix more
than 30 security vulnerabilities in a range of products, including
its Database, Application Server, Enterprise Manager and
Collaboration Suite software.

The release includes a new Default Password Scanner utility to
help users secure Oracle-provided default database schema accounts
that have default passwords. It updates the password-checking
utility released in January.

But the company warned, “The Oracle Default Password Scanner
does not replace the essential security guidelines described in the
Database Security Checklist, nor does it lessen the importance of
appropriately securing all database and application accounts.”

The quarterly update follows critical out-of-cycle security
patches issued in February and March. After Oracle’s scheduled
January patch release, the company came under fire from analyst
firm Gartner, which warned that Oracle databases were in danger of
losing their reputation for security.

Earlier this month, Oracle inadvertently alerted hackers to a
bug in its Server platform, accidentally publishing information
that could be used to exploit it. The information has since been
withdrawn.