4/19/2006
01:36 PM

Oracle Patches 36 Bugs, Risk Ranked At '10'

Security vendors Symantec and Guardium are warning users that several of the vulnerabilities are significant, and patching is "essential."

Oracle Corp. on Tuesday released its quarterly patch batch, plugging 36 vulnerabilities in several of its products, including the flagship Oracle Database.

Although the number of fixes may seem high, it's actually less than half of the last Oracle bunch, which counted 82 fixes.

Oracle's Critical Patch Update (CPU) for April contains 14 patches that fix the three-dozen flaws, several of which the company said could be easily and broadly exploited. Most of the bugs could be attacked remotely.

Although Oracle doesn't use a ranking system similar to Microsoft's or Apple's that details the most critical vulnerabilities, security giant Symantec, in a separate alert to its customers, rated the urgency of patching as "10," its highest ranking. Danish vulnerability tracker Secunia, meanwhile, tagged the CPU as "Highly critical," its second-from-the-top rating.

"Several of these vulnerabilities are significant, and should be patched as soon as possible," Symantec wrote to subscribers of its DeepSight Threat Management System. "No workarounds for these issues have been published by Oracle."

Ron Ben-Natan, the chief technology officer of database security company Guardium, agreed. "Many of the vulnerabilities are easy to exploit and do not require advanced knowledge or skills," he said in an e-mail to TechWeb on Wednesday.

"Identity thieves search for the weakest link in database security, often using one small vulnerability to compromise multiple subsystems within the database engine," Ben-Natan added. "These patches are essential."

Tuesday's bugs affect Oracle Database, Oracle Application Server, Oracle Collaboration Server, Oracle E-Business Suite and Applications, Oracle Pharmaceutical Applications, Oracle Enterprise Manager, and Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne.

As always, Oracle remained tight-lipped about the vulnerabilities, although it published a risk matrix in its advisory to guide system administrators in prioritizing the patch process.
