Oracle to patch 51 database, server flaws next Tuesday

Oracle to patch 51 database, server flaws next Tuesday

Summary: Database and server giant Oracle plans to issue patches for a total of 51 security vulnerabilities next Tuesday (October 16).

SHARE:
TOPICS: Oracle, Security, Servers
2

41 database, server patches comingDatabase and server giant Oracle plans to issue patches for a total of 51 security vulnerabilities next Tuesday (October 16).

According to an advance notice from Redwood City, the October Critical Patch Update will address flaws affecting Oracle Database, Oracle Application Server, Oracle E-Business Suite, Oracle Enterprise Manager, Oracle People Soft Enterprise and JD Edwards EnterpriseOne.

The company also said that its severity ratings system will now support CVSS v2, the latest revision of the common vulnerability scoring system.

This Oracle patch batch brings the total vulnerability count for 2007 to 183.

The skinny on next week's updates:

Oracle Database is affected by 27 vulnerabilities. Five of these vulnerabilities may be remotely exploitable without authentication (may be exploited over a network without the need for a username and password). None of these fixes are applicable to Oracle Database client-only installations.

Oracle Application Server is affected by 11 vulnerabilities. Seven of these vulnerabilities may be remotely exploitable without authentication. No new fixes are applicable for client-only installations.

Oracle E-Business Suite and Applications is affected by 8 vulnerabilities. Only one the vulnerabilities is described as remotely exploitable without the need for authentication.

Oracle Enterprise Manager is affected by two vulnerabilities that may exploited over a network without the need for user/password credentials.

Oracle PeopleSoft Enterprise PeopleTools and JD Edwards EnterpriseOne affected by three vulnerabilities. None of these vulnerabilities may be exploited remotely without authentication.

Topics: Oracle, Security, Servers

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

2 comments
Log in or register to join the discussion
  • Proof positive of the ABM hit enhancer on ZDNet

    This week, you headlined the Patch Tuesday as "Microsoft slaps band-aid on blah, blah, blah" describing the monthly patch for less than a dozen flaws.

    However, Oracle ("Unbreakable") gets a break when they are about to release "band-aids" for over 4 DOZEN flaws.

    One gets front page glaring yellow tinged headlines, the other an obscure blog entry.

    Okay, I know what to look for now - you have just confirmed what I always suspected. This is not a news site, it is a hit generating site.
    Confused by religion
    • I am waiting

      I am waiting to see what title Ryan Naraine gives the next Apple monster patch, and you know one will be released at some time in the very near future.

      Or better, what title he gives the next Linux patches. Oh, wait, he [b]never[/b] reports on those at all. I guess that means no Linux distros ever get patched...?

      It is about as double a standard as it gets...
      Qbt