Oracle plans 27 security fixes for Jan. 15


Updated below: Oracle said Thursday that its latest batch of patches will deliver 27 security fixes "across hundreds of Oracle products," including eight for the company's database, seven for its e-business suite and six for its application server.

In its advisory, Oracle outlines a laundry list of software affected. Here's the roll call:

  • Oracle Database 11g, version 11.1.0.6
  • Oracle Database 10g Release 2, versions 10.2.0.2, 10.2.0.3
  • Oracle Database 10g, version 10.1.0.5
  • Oracle Database 9i Release 2, versions 9.2.0.8, 9.2.0.8DV
  • Oracle Application Server 10g Release 3 (10.1.3), versions 10.1.3.0.0, 10.1.3.1.0, 10.1.3.2.0, 10.1.3.3.0
  • Oracle Application Server 10g Release 2 (10.1.2), versions 10.1.2.0.1 - 10.1.2.0.2, 10.1.2.1.0, 10.1.2.2.0
  • Oracle Application Server 10g (9.0.4), version 9.0.4.3
  • Oracle Collaboration Suite 10g, version 10.1.2
  • Oracle E-Business Suite Release 12, versions 12.0.0 - 12.0.3
  • Oracle E-Business Suite Release 11i, versions 11.5.9 - 11.5.10 CU2
  • Oracle Enterprise Manager Grid Control 10g Release 1, versions 10.1.0.5, 10.1.0.6
  • Oracle PeopleSoft Enterprise PeopleTools versions 8.22, 8.47, 8.48, 8.49
  • Oracle PeopleSoft Enterprise Human Capital Management versions 8.9, 9.0 (Absence Management Module)

The most critical fixes of the bunch are for Oracle's application server and e-business suite. Although Oracle has eight fixes planned for the database, none of the vulnerabilities they address can be exploited remotely.

Five of the six vulnerabilities in Oracle Application Server "may be remotely exploited without authentication, i.e. may be exploited over a network without the need for a username and password."

Oracle said the Application Server components affected are Oracle BPEL Worklist Application, Oracle Forms, Oracle Internet Directory, Oracle JDeveloper and Oracle JInitiator.

As for the Oracle E-Business Suite, Oracle has seven security fixes, three of them for vulnerabilities that can be remotely exploited.

Update: Secunia is reporting a "highly critical" Oracle Siebel SimBuilder NCTAudioFile2 ActiveX control buffer overflow that is unpatched. In the advisory, Secunia notes:

A vulnerability has been discovered in Oracle Siebel SimBuilder, which can be exploited by malicious people to compromise a user's system.

The software affected includes Oracle Siebel CRM 7.x and Oracle Siebel SimBuilder 7.x. It remains to be seen if Oracle's patch release will take care of this vulnerability.


About

Larry Dignan is Editor in Chief of ZDNet and SmartPlanet as well as Editorial Director of ZDNet's sister site TechRepublic. He was most recently Executive Editor of News and Blogs at ZDNet. Prior to that he was executive news editor at eWeek and news editor at Baseline. He also served as the East Coast news editor and finance editor at CN...
