Oracle breaks patch cycle with emergency fix
Tackles buffer overflow exploits
Posted in Enterprise Security, 7th August 2008 10:51 GMT
Oracle broke its regular patch release cycle on Wednesday to issue a patch for a vulnerability in WebLogic that has become the target of hacker attacks over recent days.
Multiple versions of Oracle (formerly BEA) WebLogic application server software are affected by a buffer overflow flaw involving the Apache plug-in component of the enterprise package. Oracle issued workarounds last week soon after the flaw became the target of active exploits. The flaw creates a means to crash or, in the worst case, inject hostile code into vulnerable systems.
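The report describes the flaw only as a buffer overflow in the Apache plug-in, so the following is an added, generic illustration in C of that class of defect and its fix. It is not Oracle's code and not the actual WebLogic bug: it shows a request header value copied into a fixed-size buffer with no bound check (the vulnerable pattern, which can corrupt the stack and crash or hijack the process) beside a bounded copy that refuses over-long input. The buffer size `HDR_MAX`, the `copy_header_*` and `handle_header` functions, and the header values used as input are all hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Hypothetical fixed-size header buffer; the real plug-in's buffer sizes
 * and parsing logic are not on the page. */
#define HDR_MAX 64

/* Vulnerable pattern: copies an attacker-controlled header value into a
 * fixed-size buffer with no bound check. A value of HDR_MAX bytes or more
 * writes past the end of `buf`. Shown only to make the defect visible;
 * it is never called with an over-long value in this example. */
void copy_header_unchecked(char *buf, const char *value) {
    strcpy(buf, value);
}

/* Hardened form: check the length against the buffer before copying and
 * always leave room for the terminating NUL. Returns true on success,
 * false if the value does not fit (the caller should reject the request
 * rather than silently truncate). */
bool copy_header_bounded(char *buf, size_t bufsize, const char *value) {
    size_t len = strlen(value);
    if (len >= bufsize) {
        return false;
    }
    memcpy(buf, value, len + 1);
    return true;
}

/* Processes one header value using the bounded copy.
 * Returns 0 if the value was accepted, -1 if it was rejected as too long. */
int handle_header(const char *value) {
    char buf[HDR_MAX];
    if (!copy_header_bounded(buf, sizeof buf, value)) {
        return -1;   /* log and drop the request instead of overflowing */
    }
    return 0;
}

/* Builds a constructed header value of `n` 'A' characters (capped at 255)
 * and runs it through handle_header, so callers can probe the limit. */
int probe_header_length(size_t n) {
    char value[256];
    if (n > sizeof value - 1) {
        n = sizeof value - 1;
    }
    memset(value, 'A', n);
    value[n] = '\0';
    return handle_header(value);
}

int main(void) {
    char small[HDR_MAX];
    copy_header_unchecked(small, "text/html");   /* safe only because input is short */
    printf("unchecked copy of short value: %s\n", small);
    printf("63-byte value: %d (0 = accepted)\n", probe_header_length(63));
    printf("64-byte value: %d (-1 = rejected)\n", probe_header_length(64));
    printf("200-byte value: %d (-1 = rejected)\n", probe_header_length(200));
    return 0;
}
```

The defensive point is the rejection branch: a bounded copy that silently truncates can still break later parsing, whereas refusing anything that does not fit and logging it gives both a safe failure and a detection signal for over-long values arriving at the plug-in.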
The WebLogic patch is the first to be published outside the three-monthly release cycle introduced by Oracle in January 2005. More details can be found in Oracle's advisory here.
The vulnerability came to light on 28 July, a little less than two weeks after Oracle published 45 security patches in the summer edition of its quarterly cycle. ®