Oracle breaks patch cycle with emergency fix | The Register

Skip to content

Security:

News Tools

Reg Shops

Top Stories

Read more top stories

Related Whitepapers

Enabling the Data Center Metamorphosis
From Fixed To Fluid
Eliminating the Security Risk of Sending Confidential Information by Email
Email Encryption
Gartner Paper: US Data Centers - The Calm Before the Storm
How to handle future energy demands
Search Engine Link Spam
Risks, Threats, Solution
Solution Brief: Reduce Energy Costs
With Green IT Solutions
The Botnet Threat
Targeting Your Busines

The Register » Security » Enterprise Security »

Oracle breaks patch cycle with emergency fix

Tackles buffer overflow exploits

By John Leyden → More by this author

Published Thursday 7th August 2008 10:51 GMT

Gartner Report: How IT Management Can "Green" the Data Center - Free Download

Oracle broke its regular patch release cycle on Wednesday to issue a patch for a vulnerability in WebLogic that has become the target of hacker attacks over recent days.

Multiple versions of Oracle (formerly BEA) WebLogic application server software are affected by a buffer overflow flaw involving the Apache plug-in component of the enterprise package. Oracle issued workarounds last week soon after the flaw became the target of active exploits. The flaw creates a means to crash or, in the worst case, inject hostile code into vulnerable systems.

The WebLogic patch is the first to be published outside the three-monthly release cycle introduced by Oracle in January 2005. More details can be found in Oracle's advisory here.

The vulnerability came to light on 28 July, a little less than two weeks after Oracle published 45 security patches in the summer edition of its quarterly cycle. ®

Free Analyst Paper: Overcoming Energy Demands on US Data Centers

2 comments posted — Comment period finished

Why dump the workarounds?

Posted: 16:55 7th August 2008

Maybe Hell has frozen over?

Posted: 23:04 7th August 2008

Track this type of story as a custom Atom/RSS feed or by email.

Related stories

Hello, this is Oracle - we're not in right now (29 August 2008)
WebLogic to open gates on Oracle rationalization (4 August 2008)
Oracle warns over unpatched vuln (29 July 2008)
Oracle preps summer patch cluster (11 July 2008)
Oracle risks loss of influential BEA users (4 July 2008)
BEA gets last laugh on Oracle app server (1 July 2008)

Post to Slashdot

Add to del.icio.us

Previous Article

whitepaper title

Enabling the Data Center Metamorphosis

This independent analyst paper gives real world advice on transforming your datacenter into a streamlined, dynamic, liquid engine capable of handling growth..

whitepaper title

Eliminating the Security Risk of Sending Confidential Information by Email

80% of security breaches are caused by people inside a company. Learn how to eliminate the risks of emailing confidential information.

Whitepapers	Jobs
Java and J2EE performance Power and Cooling Capacity Management for Data Centers [WP150] Reducing your Carbon Footprint Traditional Security Systems will not Protect Against All Web-Borne Threats	Perl/Web Developer for Financial Institution Perl Consultant Database Administrator and Developer Perl Software Engineer for Stock Photography Website Internal Systems Developer Perl Developer

How IT Management Can "Green" the Data Center

A Gartner Report

Download for free NOW

Top 20 stories • All The Week’s Headlines • Archive • Search