Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
Oracle Moves To Monthly Patch Schedule
An alert posted on the company's Web site outlined the patches that should be posted to fix numerous security holes in a number of applications.
September 1, 2004
1 Min Read
Oracle made good on its promise to provide its first monthly security update by the end of August, posting fixes to scads of vulnerabilities in its core products.
The alert posted Tuesday on Oracle's Web site, outlined the patches that should be deployed to stifle security holes in numerous versions of Database, Application Server, Database Server, and Enterprise Manager.
The database vendor rated the Database Server and Application Server vulnerabilities as "high," its top ranking, and said that some of the flaws can be exploited by those without a valid user account (but requires access to the network). The Enterprise Manager vulnerabilities are rated as "medium" by Oracle, which added that they can be exploited only by people with a valid operating system user account.
The Database Server versions patched include Oracle9i Database Server Release 1, versions 126.96.36.199, 188.8.131.52 and 9.0.4; Oracle9i Database Server 2, versions 184.108.40.206 and 220.127.116.11; and Oracle8i Database Server Release 3, version 18.104.22.168.
Application Server 10g, versions 22.214.171.124 and 126.96.36.199; Oracle9i Application Server Release 2, versions 188.8.131.52 and 184.108.40.206; and Oracle9i Application Server Release 1, version 220.127.116.11 are those affected by the security alert and patches.
Many of the vulnerabilities hark back to the beginning of the year, when Next Generation Security Software spotted more than 30 flaws, but demurred from going public until Oracle had patches in place.
Oracle has taken a page out of Microsoft's playbook by deciding to roll out security fixes on a set monthly schedule rather than release them individually. Microsoft debuted its monthly patching timetable last October.
The Oracle patches can be downloaded from Metalink, the company's online support service that's available only to registered users.
You May Also Like