Oracle Patches 65 Vulnerabilities - InformationWeek
IoT
IoT
News
News
7/19/2006
03:48 PM
50%
50%
RELATED EVENTS
Using Threat Data to Improve Your Cyber Defense
Aug 10, 2017
Attend this webinar to learn how you can determine which threats pose the greatest danger to your ...Read More>>

Oracle Patches 65 Vulnerabilities

Oracle rolled out its second-quarter bug fixes, including more than two dozen that affect its flagship database software.

Oracle on Tuesday rolled out a second quarter's worth of bug fixes to patch 65 vulnerabilities, including more than two dozen that affect its flagship database software.

The Critical Patch Update (CPU) contains patches for 27 flaws in Oracle Database, 20 in E-Business Suite, 10 in Application Server, 4 in Enterprise Manager, 2 in PeopleSoft Enterprise, and 1 each in Collaboration Suite and JD Edwards HTML Server.

Of the 27 Oracle Database bugs, 4 are fixes for client-side systems that connect to database systems.

While Oracle doesn't rank its fixes as do Microsoft and Apple, third-party security vendors put users on notice. Symantec, for example, rated the impact of the vulnerabilities as "10," its highest, while Danish bug tracker Secunia tagged the CPU as "Highly critical," its usual label for an Oracle CPU.

Security organizations bemoaned the lack of detail in the update bulletin, an Oracle trademark. "Due to a lack of information, specific attack scenarios cannot be provided," said Symantec in its alert to DeepSight Threat Management System customers.

Oracle again also caught flak for the its three-month update schedule. "Three months is way too longthey could come up with some workarounds in those months," said Swa Frantzen, an analyst with the SANS Institute's Internet Storm Center.

Both criticisms -- lack of guidance and the quarterly updates -- are regularly made each time Oracle rolls out patches, including after the batch issued in April that counted 36 fixes and the January CPU which fixed 82 flaws.

What information Oracle does provide can be found in this online advisory.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Strategies to Conquer the Cloud
Chances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll