Oracle releases 51 security fixes

News

Oracle releases 51 security fixes

Bill Brenner, Senior News Writer
Oracle Corp. fixed 51 security flaws with the release of its January Critical Patch Update (CPU) Tuesday, one less than the company had originally planned for. Attackers could exploit many of the flaws to compromise vulnerable systems from remote locations without a username or password.

The CPU includes 17 fixes for Oracle Database, one of which an attacker could remotely exploit without the need for a username and password. Nine flaws are addressed in Oracle HTTP Server, eight of which are remotely exploitable. Twelve fixes address flaws in Oracle Application Server, eight of which attackers could remotely exploit without a username or password.

Oracle security:
Oracle responds to security critics

Oracle bulletins will rank patches, offer more detail

Oracle emulates Microsoft with advance patch notice

Podcast:The state of Oracle security

The database giant released seven fixes for flaws in Oracle E-Business Suite, including one in the Oracle Workflow Cartridge. "None of these vulnerabilities may be remotely exploited without authentication," Oracle said in the CPU bulletin. The company also addressed flaws in Oracle PeopleSoft Enterprise PeopleTools and Oracle Enterprise Manager.

Last week, in its first-ever advance bulletin, the Redwood City, Calif.-based database giant predicted that it would fix 52 flaws.

Eric Maurice, Oracle's manager for security, said in the company's corporate blog that a problem was found in one of the database fixes.

"Per our policy, which is intended to ensure that all customers have an equal security posture, we removed the fix from the January CPU," he said. "We are working to resolve this issue to release the fix on all supported database versions with the next CPU in April."

Oracle will release the next CPU April 17.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy