Oracle releases critical security patch

Oracle has released a critical security patch that is designed to fix more than 20 security flaws across a range of its database, application and collaborative server products.

The enterprise software company has said it will release patches on a quarterly basis - to help simplify security updates for users - and is relying on third parties to alert it to security holes.

Many of the bugs plugged in the latest security update were brought to Oracle’s attention by security companies Red Database Security, Integrity and NGSS. 

Oracle has not released full details of the holes and how they can be exploited, but more information is expected to be made public once firms have had a chance to download the patch from Oracle’s website.

Those systems affected are:

Oracle Database 10g Release 1, versions 10.1.0.2, 10.1.0.3 and 10.1.0.3.1 Oracle 9i Database Server Release 2, versions 9.2.0.4, 9.2.0.5 and 9.2.0.6 Oracle 9i Database Server Release 1, versions 9.0.1.4, 9.0.1.5 and 9.0.4 Oracle 8i Database Server Release 3, version 8.1.7.4 Oracle 8 Database Release 8.0.6, version 8.0.6.3  Oracle Application Server 10g Release 2 (10.1.2) Oracle Application Server 10g (9.0.4), versions 9.0.4.0 and 9.0.4.1 Oracle9i Application Server Release 2, versions 9.0.2.3 and 9.0.3.1 Oracle9i Application Server Release 1, version 1.0.2.2 Oracle Collaboration Suite Release 2, version 9.0.4.2 Oracle E-Business Suite and Applications Release 11i (11.5) Oracle E-Business Suite and Applications Release 11.0

More details are available at: www.oracle.com/technology/deploy/security/alerts.htm