Oracle Corp. plans to release 51 security fixes across hundreds
of its products next week as part of its quarterly Critical Patch
Update (CPU).
In the Oracle prerelease announcement to customers, the vendor
said the CPU contains 27 fixes for the Oracle Database, five of
which may be exploited remotely without the need for a username
and password. The fixes address flaws in the core relational
database management system, SQL execution, Oracle Database Vault,
and advanced queuing.
Oracle security updates:
July - Oracle patches 45 flaws: Oracle stuffed 45 security updates
into its July 2007 CPU, fixing flaws across its product line
attackers could exploit remotely to compromise corporate
databases.
April - Oracle patches 36 holes: Oracle issued patches for 36
holes in the database management system, application server,
E-Business Suite and JD Edwards and PeopleSoft software.
Jan. - Oracle releases 51 security fixes: The flaws are across
Oracle's product line and attackers could exploit them remotely to
compromise vulnerable systems.
The Redwood City, Calif.-based vendor said 11 security fixes
plug holes in the Oracle Application Server, seven of which may be
remotely exploitable without the need for a username and password.
The fixes repair flaws in Oracle HTTP Server, Oracle Portal, Oracle
Single Sign-On and Oracle Containers for J2EE.
Oracle began making prerelease announcements in January,
emulating Microsoft, which offers an advance notification each
month on what to expect for its Patch Tuesday bulletins. Oracle
said the advance summary is designed to help customers plan their
patching schedules more efficiently.
Other flaws being addressed next week include holes in the
Oracle E-Business Suite. The suite of applications contains eight
flaws, but only one of the vulnerabilities can be remotely
exploited by an attacker without authentication. Areas affected
include Oracle Marketing, Oracle Quoting, Oracle Public Sector
Human Resources, Oracle Exchange and Oracle Applications
Manager.
Two flaws are being addressed in Oracle Enterprise Manager and
three security fixes will be released for Oracle PeopleSoft
Enterprise products. The PeopleSoft Human Capital Management
software and PeopleTools are affected. Oracle said there are no
fixes affecting JD Edwards products.
Oracle stuffed 45 security updates into its July 2007 CPU,
fixing 19 flaws in Oracle Database products and 14 flaws in Oracle
E-Business Suite.