Oracle to patch 51 database, server flaws next Tuesday

Summary:Database and server giant Oracle plans to issue patches for a total of 51 security vulnerabilities next Tuesday (October 16).

41 database, server patches coming
Database and server giant Oracle plans to issue patches for a total of 51 security vulnerabilities next Tuesday (October 16).

According to an advance notice from Redwood City, the October Critical Patch Update will address flaws affecting Oracle Database, Oracle Application Server, Oracle E-Business Suite, Oracle Enterprise Manager, Oracle People Soft Enterprise and JD Edwards EnterpriseOne.

The company also said that its severity ratings system will now support CVSS v2, the latest revision of the common vulnerability scoring system.

This Oracle patch batch brings the total vulnerability count for 2007 to 183.

The skinny on next week's updates:

Oracle Database is affected by 27 vulnerabilities. Five of these vulnerabilities may be remotely exploitable without authentication (may be exploited over a network without the need for a username and password). None of these fixes are applicable to Oracle Database client-only installations.

Oracle Application Server is affected by 11 vulnerabilities. Seven of these vulnerabilities may be remotely exploitable without authentication. No new fixes are applicable for client-only installations.

Oracle E-Business Suite and Applications is affected by 8 vulnerabilities. Only one the vulnerabilities is described as remotely exploitable without the need for authentication.

Oracle Enterprise Manager is affected by two vulnerabilities that may exploited over a network without the need for user/password credentials.

Oracle PeopleSoft Enterprise PeopleTools and JD Edwards EnterpriseOne affected by three vulnerabilities. None of these vulnerabilities may be exploited remotely without authentication.

Topics: Oracle, Security, Servers

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.