[ISN] Oracle Issues 41 Security Fixes in Latest CPU

From: InfoSec News (alerts@private)
Date: Tue Apr 15 2008 - 23:29:01 PDT


http://www.eweek.com/c/a/Database/Oracle-Issues-41-Security-Fixes-in-Latest-CPU/

By Brian Prince
eWEEK.com
2008-04-15

Oracle released fixes for a total of 41 bugs in its April Critical Patch 
Update, including a serious vulnerability affecting Oracle Application 
Server.

The CPU, Oracle's second of the year, includes 17 fixes for Oracle 
Database products, 11 for the Oracle E-Business Suite, six for the 
Oracle Siebel Enterprise Suite, three for Oracle Application Server, 
three for the PeopleSoft-JD Edwards Suite and one for Oracle Enterprise 
Manager.

The most serious of the vulnerabilities affects Oracle Application 
Server, specifically Oracle Jinitiator, and has a CVSS (Common 
Vulnerability Scoring System) rating of 9.3. Jinitiator allows a 
Web-enabled Oracle Forms client application to run within a browser. 
According to the company's advisory, the vulnerability applies only to 
the client portion of Application Server.

"The impact of this vulnerability is limited to Jinitiator; there is no 
Oracle Application Server impact," company officials stated in the 
advisory. "Oracle Jinitiator Versions 1.3.1.15 and later are not 
affected."

All three of the vulnerabilities affecting Application Server can be 
exploited remotely without authentication. Seven of the 11 
vulnerabilities affecting Oracle E-Business Suite can be exploited 
remotely without a user name or password.

January's CPU featured 26 security fixes for Oracle products. The next 
CPU is slated to be released July 15.

