[ISN] Oracle plugs 51 security flaws

From: InfoSec News (alerts@private)
Date: Tue Jan 16 2007 - 22:33:51 PST


By Joris Evers
Staff Writer, CNET News.com
January 16, 2007

Oracle on Tuesday released fixes for 51 vulnerabilities that affect its 
software products.

The update is part of the Redwood City, Calif., company's quarterly 
patch cycle. Oracle preannounced its patch release Thursday, when, for 
the first time, it published an advance notification so customers could 
plan ahead to apply the fixes.

Oracle's actual Tuesday "Critical Patch Update" has one fix less than 
the company originally announced. Instead of the planned 27 fixes for 
its database products, 26 vulnerabilities are addressed in the company's 
flagship software.

"An issue was detected with one of the database fixes for a number of 
database versions," Eric Maurice, manager for security at Oracle, wrote 
on a corporate blog. "Per our policywe removed the fix from the January 
CPU. We are working to resolve this issue to release the fix on all 
supported database versions with the next CPU in April."

In addition to the database fixes, Oracle's update repairs 12 flaws in 
Application Server, 7 in E-Business Suite, 6 in Enterprise Manager and 3 
in PeopleSoft. Many bugs are serious and could allow a system running 
the vulnerable Oracle software to be compromised remotely by an 
anonymous attacker, Oracle said.

"As usual, we highly recommend that customers apply all patches 
promptly," Maurice wrote.

Oracle's next patch release is due on April 17.

Subscribe to InfoSec News

This archive was generated by hypermail 2.1.3 : Tue Jan 16 2007 - 22:56:51 PST