On deck from Oracle: 45 critical database, server patches

Summary:Database server giant Oracle plans to ship patches for a total of 45 security vulnerabilities on Thursday (July 17), bringing the vulnerability count for 2008 to a whopping 112.Since January 2006 (this CPU included), Oracle has shipped fixes for a total of  572 vulnerabilities.

45 critical database, server patches
Database server giant Oracle plans to ship patches for a total of 45 security vulnerabilities on Thursday (July 17), bringing the vulnerability count for 2008 to a whopping 112.

Since January 2006 (this CPU included), Oracle has shipped fixes for a total of  572 vulnerabilities.

According to a pre-release analysis, the vulnerabilities affect hundreds of products, including all supported Oracle Database, Oracle Application Server, and Oracle E-Business Suite versions.

This is the first Critical Patch Update that includes fixes for BEA WebLogic, Hyperion BI, and TimesTen Database.

In this patch batch, Oracle will provide patches for 11 Oracle Database vulnerabilities.  According to Integrigy CTO Stephen Kost, some of the database flaws can be exploited using only PUBLIC privileges accessible by all database accounts.

The July CPU will also cover 9 new Oracle Application Server vulnerabilities, all of which are remotely exploitable without authentication.   For the Oracle E-Business Suite 11i and R12 products, there are 6 new vulnerabilities, some of which can be readily exploited by an unprivileged user.

Kost recommends that this quarter's security patches should be deemed critical.

Topics: Enterprise Software, Data Centers, Data Management, Hardware, Oracle, Security, Servers, Software, Storage

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.