Oracle patches to fix 37 flaws

Quarterly "critical patch update" will include fixes for seven vulnerabilities that could be exploited remotely.
Written by Joris Evers, Contributor

Oracle next week plans to release fixes for 37 security flaws across all its products, the company said Tuesday.

The fixes will be delivered April 17 as part of Oracle's quarterly patch cycle. Seven of the bugs are serious and could allow a system running the vulnerable Oracle software to be compromised remotely, the company said in a note on its Web site.

This is the second time Oracle is giving a heads-up on patches. The first such advance notice was in January. Microsoft has been giving customers a similar early warning since late 2004. Both companies have put their patches on a schedule so customers know when to expect them. The early warning is meant to allow for extra preparedness.

Oracle's advance notification goes further than Microsoft's, which only states the product family for which patches will be released and gives a broad indication of bug severity. Oracle also lists the number of vulnerabilities it plans to patch and gives details of which products and components will get fixes.

Oracle's "Critical Patch Update" is planned to include 13 fixes for Oracle database products, five for Application Server, 11 for E-Business Suite, and four for PeopleSoft and J.D. Edwards products, according to Oracle's note.

In January, Oracle released fixes for 51 vulnerabilities.