Oracle rolled out its second-quarter bug fixes, including more than two dozen that affect its flagship database software.
Oracle on Tuesday rolled out a second quarter's worth of bug fixes to patch 65 vulnerabilities, including more than two dozen that affect its flagship database software.
The Critical Patch Update (CPU) contains patches for 27 flaws in Oracle Database, 20 in E-Business Suite, 10 in Application Server, 4 in Enterprise Manager, 2 in PeopleSoft Enterprise, and 1 each in Collaboration Suite and JD Edwards HTML Server.
Of the 27 Oracle Database bugs, 4 are fixes for client-side systems that connect to database systems.
While Oracle doesn't rank its fixes as do Microsoft and Apple, third-party security vendors put users on notice. Symantec, for example, rated the impact of the vulnerabilities as "10," its highest, while Danish bug tracker Secunia tagged the CPU as "Highly critical," its usual label for an Oracle CPU.
Security organizations bemoaned the lack of detail in the update bulletin, an Oracle trademark. "Due to a lack of information, specific attack scenarios cannot be provided," said Symantec in its alert to DeepSight Threat Management System customers.
Oracle again also caught flak for the its three-month update schedule. "Three months is way too longthey could come up with some workarounds in those months," said Swa Frantzen, an analyst with the SANS Institute's Internet Storm Center.
Both criticisms -- lack of guidance and the quarterly updates -- are regularly made each time Oracle rolls out patches, including after the batch issued in April that counted 36 fixes and the January CPU which fixed 82 flaws.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.