Oracle plans to release 46 security updates to fix flaws attackers could exploit across its product line to tamper with database servers and host operating systems.
According to the Oracle's July 2007 Critical Patch Update pre-release announcement , database administrators (DBAs) can expect fixes for Oracle Database, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business Suite and Applications, and Oracle PeopleSoft Enterprise.
The database giant offered the following breakdown:
While details on the specific flaws have yet to be released, Cupertino, Calif.-based antivirus vendor Symantec Corp. offered customers of its DeepSight threat management service an emailed list of steps IT shops could take to reduce the risk of Oracle attacks until patches are deployed.
Steps include blocking external access at the network boundary unless external parties require service. "Configure network perimeter devices to block all access to ports and services that are not intended for public consumption," Symantec advised. "Permit access to only those services that are intended to be accessed by public users."
IT shops should also be sure to run all software as a non-privileged user with minimal access rights and implement multiple redundant layers of security, Symantec said.
"Deploy memory-protection schemes and host-based IPS on critical systems," the company added. "This tactic may complicate attempts to exploit latent vulnerabilities in protected applications and services."