Oracle To Patch 55 Database, App Server Bugs Next Week
The 55 patches include 24 for bugs that can be exploited remotely by attackers, which generally are considered critical threats by security researchers and vendors.
Taking a page out of rival Microsoft's playbook, Oracle on Thursday issued its first-ever advance warning that spells out the number and severity of the patches it plans to release to fix flaws in its flagship database and other software.
According to the advance notification posted on Oracle's Web site, the quarterly Critical Patch Update, scheduled to roll out Jan. 16, will include 55 patches, including 24 for bugs that can be exploited remotely by attackers. Generally, such flaws -- characterized by Oracle as "remotely exploitable without authentication" -- are considered critical threats by security researchers and vendors.
The planned disclosures and patches affect Oracle Database (27 patches, 10 for remote code execution vulnerabilities), Application Server (12/8), E-Business Suite and Applications (7/0), Oracle Enterprise Manager (6/5), and PeopleSoft Enterprise and JD Edwards EnterpriseOne (3/1). Other products, including Oracle Collaboration Server, also must be patched because they use flawed components of some of the fixed applications.
Security vendor Symantec told users of its DeepSight threat management system to set aside time starting Tuesday to deploy the Oracle fixes. "Due to the critical nature of some of these issues, customers are advised to allocate resources for the immediate deployment and testing of vendor patches," Symantec said in its own alert on the upcoming security rollout.
Last October, Oracle instituted a ranking system for the vulnerabilities it planned to patch, and said the changes were made after gathering feedback from customers. The new advance notification -- similar to the practice at Microsoft, which releases limited information the week before its monthly patch release -- is another such customer-oriented tool, said Oracle Thursday.
"It is our hope that these pre-release announcements will become valuable tools to help security professionals analyze the criticality of the forthcoming CPUs and brief their management to obtain any necessary approvals for a timely application of the CPUs," said Duncan Harris, senior director of security assurance, in a blog entry.
Oracle's CPU will be released Tuesday at noon Pacific time, and will be available from the update page of the Oracle Technology Network.