Oracle rolled out its second-quarter bug fixes, including more than two dozen that affect its flagship database software.
Oracle on Tuesday rolled out a second quarter's worth of bug fixes to patch 65 vulnerabilities, including more than two dozen that affect its flagship database software.
The Critical Patch Update (CPU) contains patches for 27 flaws in Oracle Database, 20 in E-Business Suite, 10 in Application Server, 4 in Enterprise Manager, 2 in PeopleSoft Enterprise, and 1 each in Collaboration Suite and JD Edwards HTML Server.
Of the 27 Oracle Database bugs, 4 are fixes for client-side systems that connect to database systems.
While Oracle doesn't rank its fixes as do Microsoft and Apple, third-party security vendors put users on notice. Symantec, for example, rated the impact of the vulnerabilities as "10," its highest, while Danish bug tracker Secunia tagged the CPU as "Highly critical," its usual label for an Oracle CPU.
Security organizations bemoaned the lack of detail in the update bulletin, an Oracle trademark. "Due to a lack of information, specific attack scenarios cannot be provided," said Symantec in its alert to DeepSight Threat Management System customers.
Oracle again also caught flak for the its three-month update schedule. "Three months is way too longthey could come up with some workarounds in those months," said Swa Frantzen, an analyst with the SANS Institute's Internet Storm Center.
Both criticisms -- lack of guidance and the quarterly updates -- are regularly made each time Oracle rolls out patches, including after the batch issued in April that counted 36 fixes and the January CPU which fixed 82 flaws.
The Business of Going DigitalDigital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.