Oracle fixes 82 software flaws

Oracle has released patches for 82 vulnerabilities in its database and application server software, and collaboration and e-business suites.

Oracle has released patches for 82 vulnerabilities in its database and application server software, and collaboration and e-business suites.

The patches, which are part of Oracle’s scheduled quarterly updates, also include fixes for flaws in its PeopleSoft and JD Edwards products.

Many of the flaws are said to have a “wide” impact on database availability, integrity and confidentiality. One vulnerability in Oracle’s databases enables any user with basic access privileges to assume the role of a database administrator. The flaw, which was first reported in October, also allows would-be attackers to prevent illegal activity from being recorded by the database server’s built-in auditing mechanism.

Oracle moved recently to a quarterly patching schedule but security specialists have criticised the company for leaving vulnerabilities unaddressed, saying the quarterly schedule may not be in users’ best interests. They have also complained that Oracle has released few details of the flaws addressed by the update.

It will pain Oracle to hear it, but some security specialists even believe that when it comes to addressing security vulnerabilities, Oracle and other suppliers could learn something in openness from Microsoft, as well as processes for vulnerability discovery, remediation and disclosure.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on Business applications

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close