TechTarget

Oracle fixes 82 software flaws

Oracle has released patches for 82 vulnerabilities in its database and application server software, and collaboration and e-business suites.

Oracle has released patches for 82 vulnerabilities in its database and application server software, and collaboration...

and e-business suites.

The patches, which are part of Oracle’s scheduled quarterly updates, also include fixes for flaws in its PeopleSoft and JD Edwards products.

Many of the flaws are said to have a “wide” impact on database availability, integrity and confidentiality. One vulnerability in Oracle’s databases enables any user with basic access privileges to assume the role of a database administrator. The flaw, which was first reported in October, also allows would-be attackers to prevent illegal activity from being recorded by the database server’s built-in auditing mechanism.

Oracle moved recently to a quarterly patching schedule but security specialists have criticised the company for leaving vulnerabilities unaddressed, saying the quarterly schedule may not be in users’ best interests. They have also complained that Oracle has released few details of the flaws addressed by the update.

It will pain Oracle to hear it, but some security specialists even believe that when it comes to addressing security vulnerabilities, Oracle and other suppliers could learn something in openness from Microsoft, as well as processes for vulnerability discovery, remediation and disclosure.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close