Oracle To Patch 55 Database, App Server Bugs Next Week
The 55 patches include 24 for bugs that can be exploited remotely by attackers, which generally are considered critical threats by security researchers and vendors.
Taking a page out of rival Microsoft's playbook, Oracle on Thursday issued its first-ever advance warning that spells out the number and severity of the patches it plans to release to fix flaws in its flagship database and other software.
According to the advance notification posted on Oracle's Web site, the quarterly Critical Patch Update, scheduled to roll out Jan. 16, will include 55 patches, including 24 for bugs that can be exploited remotely by attackers. Generally, such flaws -- characterized by Oracle as "remotely exploitable without authentication" -- are considered critical threats by security researchers and vendors.
The planned disclosures and patches affect Oracle Database (27 patches, 10 for remote code execution vulnerabilities), Application Server (12/8), E-Business Suite and Applications (7/0), Oracle Enterprise Manager (6/5), and PeopleSoft Enterprise and JD Edwards EnterpriseOne (3/1). Other products, including Oracle Collaboration Server, also must be patched because they use flawed components of some of the fixed applications.
Security vendor Symantec told users of its DeepSight threat management system to set aside time starting Tuesday to deploy the Oracle fixes. "Due to the critical nature of some of these issues, customers are advised to allocate resources for the immediate deployment and testing of vendor patches," Symantec said in its own alert on the upcoming security rollout.
Last October, Oracle instituted a ranking system for the vulnerabilities it planned to patch, and said the changes were made after gathering feedback from customers. The new advance notification -- similar to the practice at Microsoft, which releases limited information the week before its monthly patch release -- is another such customer-oriented tool, said Oracle Thursday.
"It is our hope that these pre-release announcements will become valuable tools to help security professionals analyze the criticality of the forthcoming CPUs and brief their management to obtain any necessary approvals for a timely application of the CPUs," said Duncan Harris, senior director of security assurance, in a blog entry.
Oracle's CPU will be released Tuesday at noon Pacific time, and will be available from the update page of the Oracle Technology Network.