Oracle fixes 82 software flaws


Oracle fixes 82 software flaws

Oracle has released patches for 82 vulnerabilities in its database and application server software, and collaboration and e-business suites.

The patches, which are part of Oracle’s scheduled quarterly updates, also include fixes for flaws in its PeopleSoft and JD Edwards products.

Many of the flaws are said to have a “wide” impact on database availability, integrity and confidentiality. One vulnerability in Oracle’s databases enables any user with basic access privileges to assume the role of a database administrator. The flaw, which was first reported in October, also allows would-be attackers to prevent illegal activity from being recorded by the database server’s built-in auditing mechanism.

Oracle moved recently to a quarterly patching schedule but security specialists have criticised the company for leaving vulnerabilities unaddressed, saying the quarterly schedule may not be in users’ best interests. They have also complained that Oracle has released few details of the flaws addressed by the update.

It will pain Oracle to hear it, but some security specialists even believe that when it comes to addressing security vulnerabilities, Oracle and other suppliers could learn something in openness from Microsoft, as well as processes for vulnerability discovery, remediation and disclosure.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy