Oracle update fixes security flaws

Company's database, application server and 11i E-Business Suite are covered in the quarterly update.

Database maker Oracle has corrected a number of security bugs with its latest quarterly update.

Various versions of Oracle products, including its database, application server and 11i E-Business Suite, are part of Tuesday's update, according to the company.

"A number of high-risk SQL injection and parameter manipulation security vulnerabilities in the Oracle E-Business Suite are corrected by the security patches released" Tuesday, said security company Integrigy, which produces tools for a number of enterprise applications from companies such as Oracle and PeopleSoft. "Customers with Internet-facing implementations of the Oracle E-Business Suite should consider applying these patches as soon as possible."

Chicago-based Integrigy added that "it is possible that an attacker with only a Web browser and a network connection (either internally or externally) to Oracle E-Business Suite Web application servers can execute malicious SQL statements in the database as the APPS database account."

Oracle's next update is scheduled for Oct. 18.