Oracle readying 46 security patches for DB, server products

Summary: Database and server giant Oracle is planning to ship patches for a total of 46 vulnerabilities next Tuesday (July 17) as part of its quarterly Critical Patch Update release process.

TOPICS: Servers, Oracle, Security

Database and server giant Oracle is planning to ship patches for a total of 46 vulnerabilities next Tuesday (July 17) as part of its quarterly Critical Patch Update release process.

The patches will cover potentially severe holes affecting Oracle Database, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business Suite and Applications, and Oracle PeopleSoft Enterprise.

Oracle Database is affected by 20 of the 46 holes, including a new security fix for Application Express. Two of these vulnerabilities are considered remotely exploitable without requiring authentication.

Oracle Application Server is affected by four vulnerabilities. Three of these will carry a high-risk rating because they can be remotely exploited without authentication.

Oracle said 14 of the patches will cover holes in the Oracle E-Business Suite and Applications (six are considered critical) and three patches will deal with flaws in Oracle PeopleSoft Enterprise PeopleTools.

So far in 2007, Oracle has released patches for a whopping 133 vulnerabilities.


Talkback

11 comments
  • Unpatchable!

    Oracle is at the very, very beginning of their security learning curve, behind even Apple. They have YEARS of this kind of patching ahead of them before they start to "get it".

    They've got to be the least security-minded of all the major software players...
    KTLA
  • This is pathetic

    People are always making comments about MS patched this (myself included), Apple patched that, a smurf farted in their Wheaties. You know what I mean.
    But as of this article Oracle has patched 155 so far and no one has anything to say about THAT?
    And if I read that correctly then a good portion of them can be considered critical. What's wrong with this picture?
    How in the heck is this excusable? 155 patches in, what, seven months? They darn well should know more about security.
    Shelendrea
    • Because most don't have an emotional attachment to Oracle

      [i]But as of this article Oracle has patched 155 so far and no one has anything to say about THAT?[/i]

      You have the Mac zealots who [b]love[/b] OSX and [b]hate[/b] Windows so any story about an Apple vulnerability or a Microsoft vulnerability brings the zealots out in droves.

      You have the Linux zealots who [b]love[/b] Linux and [b]hate[/b] Windows so any story about a Linux vulnerability or a Microsoft vulnerability brings the zealots out in droves.

      Not enough people [b]love[/b] Oracle and not enough people [b]hate[/b] Oracle for anyone to get emotionally upset enough to comment.
      NonZealot
  • I am so glad we pay a premium for Oracle RDBMS

    When we first started getting Oracle databases in 2003 the poster I was given stated Oracle 9i UNBREAKABLE. I wish I still had that poster.

    Since June 2003 the TOTAL number of Microsoft SQL Server vulnerabilities is ZERO....

    Wait, I thought Microsoft was the one that had vulnerable hackable code ????
    redtrain65
    • whatever you're smoking please pass it

      Buffer Truncation Abuse in Microsoft SQL Server Based Applications
      http://www.net-security.org/vuln.php?id=4241

      or just Google for "sql server exploits 2007" once you come down off your high horse. ;)
      DebianDog
      • Take your head out of your butt

        Maybe you should read...

        http://www.darkreading.com/document.asp?doc_id=110881

        In case you're not up to it...here's a summary.

        "Eric Ogren, security analyst for Enterprise Strategy Group, has compiled Common Vulnerabilities and Exposures (CVE) data from Oracle, Microsoft's SQL Server, and the open source MySQL database, and found some major differences. In fact, Oracle has 70 vulnerabilities, MySQL has 59, and SQL Server has just two. Sybase has seven, and IBM's DB2 has four, according to ESG's findings."
        GeiselS
        • What are you doing?

          You just replied to a religious argument with facts. Facts have no place in the "Oracle r00lz, SQL Server dr00lz" argument.
          KTLA
          • You lost me

            Where did religion come into it?

            Arguing Oracle 9 has vulnerabilities when SQL Server 2000 had them too. Both are quite minor actually. The biggest insecurity of any database, Microsoft or Oracle, is the administrators not setting it up properly.

            A common mistake I see is setting passwords to simple guessable passwords. No vulnerability needed there, just a simple password cracker and you're in. Works on both databases equally.

            Personally the only thing I don't like about MSSQL server is Microsoft's stance on data corruption. They say it happens deal with it. What's with that?! So you just have to restore every so often. That's STUPID! Don't have that happening in Oracle very often and when it does happen you can actually go in and remove the corruption, they actually help you do it.

            I wasn't happy with Microsoft support in the slightest. One big reason I wouldn't go with MSSQL server for any critical system.
            voska
          • really.

            We have had a different scenario play out here. We have had four data corruption incidents in Oracle dbs. We had to drop and recreate all of the indexes on an almost billion row table to fix it, which have all been on the same table. In SQL Server we have never had any corruption. Granted all but two of our SQL Server dbs would be considered large, however we have in excess of 100 SQL Server dbs and about 20 Oracle dbs.
            redtrain65
  • Message has been deleted.

    kevencage
  • unbreakable?!

    Whatever happened to them being unbreakable?
    Kobashrer