[ISN] Oracle Plans 46 Patches for Update

From: InfoSec News (alerts@private)
Date: Mon Jul 16 2007 - 02:14:48 PDT


By Brian Prince
July 12, 2007

Oracle has plans to deliver 46 security fixes for its customers by July 

According to an Oracle security announcement, the patches will plug 
security holes in Oracle Database, Oracle Application Server, Oracle 
Collaboration Suite, Oracle E-Business Suite and Applications and Oracle 
PeopleSoft Enterprise products. The most serious of the flaws—two 
vulnerabilities affecting Oracle PeopleSoft Enterprise products—have a 
CVSS score of 4.8.

Twenty of the 46 fixes address issues in the database, and two of the 
flaws can be exploited remotely over a network without the need for a 
username and password. Fourteen others fix flaws in the Oracle 
E-Business Suite and Applications, six of which may be remotely 
exploited without authentication.

In addition, four fixes are slated to be issued for Oracle Application 
Server, and three are to be issued for Oracle PeopleSoft Enterprise 
PeopleTools. Three of the flaws affecting Oracle Application Server can 
be exploited remotely.

The upcoming July 17 fixes are part of the company's Critical Patch 
Update releases, issued four times year. The last batch, in April, 
featured 36 security fixes.

Attend Black Hat USA, July 28-August 2 in Las Vegas, 
the world's premier technical event for ICT security 
experts. Featuring 30 hands-on training courses and 
90 Briefings presentations with lots of new content 
and new tools. Network with 4,000 delegates from 
70 nations.   Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on 
June 1 so register today. http://www.blackhat.com

This archive was generated by hypermail 2.1.3 : Mon Jul 16 2007 - 02:27:32 PDT