Oracle preps July patch blitz
Print story46 fixes coming at ya
Posted in Applications, 13th July 2007 15:40 GMT
Join our expert panel in discussing application security
Oracle plans to release 46 security patches next week as part of its quarterly update cycle.
The updates cover unspecified flaws in products including Oracle Database, Application Server, and E-Business Suite, among others. Some of the patches due to be released on Tuesday, 17 July, cover bugs in multiple products.
Twenty of the planned security updates include fixes for versions of Oracle's database, two of which might be remotely exploited without requiring login credentials.
Six of the 14 flaws in Oracle's E-Business Suite might also be remotely exploited by hackers. Three of four bugs in Oracle's Application Server carry the same risk, Oracle warns in its pre-release announcement here.
Last year, Oracle began rating the severity of bugs in its applications according to the Common Vulnerability Scoring System (CVSS), an industry-wide initiative designed to standardise vulnerability ratings.
Oracle rates the worst of this quarter's patch batch (two bugs affecting Oracle PeopleSoft Enterprise) at 4.8. The last edition of Oracle's quarterly patch release featured 36 security fixes compared to the 51 security updates Oracle issued in January. ®
Solving on-premise email challenges with on-demand services
The business case for application security
Airport insecurity: the case of lost laptops
The best practices guide for application security
Impact of the dramatic increase in devices on the cost to support
Google code cloud punts on-demand embarrassment
Microsoft weighs next-phase in open-source support
iTunes minus the player: hack your Apple beats
Oracle plans cloud strategy