Oracle patch batch fixes 26 flaws

Summary:Oracle as expected released its quarterly batch of security fixes Tuesday.In a blog post, Oracle said:Oracle today released the January 2008 Critical Patch Update (CPUJan2008).

Oracle as expected released its quarterly batch of security fixes Tuesday.

In a blog post, Oracle said:

Oracle today released the January 2008 Critical Patch Update (CPUJan2008).  This Critical Patch Update (CPU) addresses a total of 26 vulnerabilities affecting Oracle Database Server, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business Suite, and Oracle PeopleSoft Enterprise.  Eight of these vulnerabilities are specific to Oracle Database Server, including one vulnerability affecting Oracle Database Server 11g on Linux.

While none of the Oracle Database Server fixes requires patching the database client-only installations, this Critical Patch Update includes fixes for six Oracle Application Server vulnerabilities, and two of these fixes are for client installations.  The two Application Server client fixes address severe vulnerabilities affecting JInitiator, a web browser extension that enables end users to run Oracle Forms Services applications within their browser.  These two vulnerabilities have received a CVSS score of 9.3 because they could allow an attacker to gain full control of the targeted client (e.g. a laptop or workstation) at the Operating System level.  Note however that these two vulnerabilities cannot be used to exploit a server.

All the details of Oracle's patch roundup nearly matches what it previously disclosed a few days ago.

Topics: Enterprise Software, Data Centers, Data Management, Oracle, Security, Servers


Larry Dignan is Editor in Chief of ZDNet and SmartPlanet as well as Editorial Director of ZDNet's sister site TechRepublic. He was most recently Executive Editor of News and Blogs at ZDNet. Prior to that he was executive news editor at eWeek and news editor at Baseline. He also served as the East Coast news editor and finance editor at CN... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.