Wednesday became a busy day for database administrators after Oracle released its quarterly patch update which, this time around, tackles more than 80 vulnerabilities in different Oracle software packages and components. Various flavours of Oracle database (37 security bugs), Oracle E-Business Suite and Applications (27), Oracle Collaboration Suite (20) and Oracle Application Server (17) are most in need of update.

The vulnerabilities might potentially be exploited by hackers to remotely execute hostile code on vulnerable systems or perform denial-of-service attacks. Other security flaws carry an information disclosure risk. Oracle's advisory contains a risk matrix designed to help security and database admins to access the potential seriousness of the flaws in their environment. Users of affected products are advised to install the corresponding updates sooner rather than later.

Useful overviews of these security problems have been put together by US CERT (here) and security notification firm Secunia (here). ®

Related stories

• Oracle in war of words with security researcher (26 January 2006)
• Patch roundup Snort plugs Back Orifice as Oracle issues mega-fix (19 October 2005)
• Oracle taken to task for time to fix vulnerabilities (20 July 2005)
• Database rootkit menace looms (4 April 2005)
• Oracle moves to quarterly patch cycle (19 November 2004)