[ISN] Oracle patches to fix 37 flaws

From: InfoSec News (alerts@private)
Date: Wed Apr 11 2007 - 01:08:14 PDT


http://news.com.com/Oracle+patches+to+fix+37+flaws/2100-1002_3-6175041.html

By Joris Evers
Staff Writer, CNET News.com
April 10, 2007

Oracle next week plans to release fixes for 37 security flaws across all 
its products, the company said Tuesday.

The fixes will be delivered April 17 as part of Oracle's quarterly patch 
cycle. Seven of the bugs are serious and could allow a system running 
the vulnerable Oracle software to be compromised remotely, the company 
said in a note on its Web site.

This is the second time Oracle is giving a heads-up on patches. The 
first such advance notice was in January. Microsoft has been giving 
customers a similar early warning since late 2004. Both companies have 
put their patches on a schedule so customers know when to expect them. 
The early warning is meant to allow for extra preparedness.

Oracle's advance notification goes further than Microsoft's, which only 
states the product family for which patches will be released and gives a 
broad indication of bug severity. Oracle also lists the number of 
vulnerabilities it plans to patch and gives details of which products 
and components will get fixes.

Oracle's "Critical Patch Update" is planned to include 13 fixes for 
Oracle database products, five for Application Server, 11 for E-Business 
Suite, and four for PeopleSoft and J.D. Edwards products, according to 
Oracle's note.

In January, Oracle released fixes for 51 vulnerabilities.


__________________________
Subscribe to InfoSec News
http://www.infosecnews.org



This archive was generated by hypermail 2.1.3 : Wed Apr 11 2007 - 01:29:31 PDT