Oracle To Patch 55 Database, App Server Bugs Next Week - InformationWeek

1/12/2007
01:25 PM

Oracle To Patch 55 Database, App Server Bugs Next Week

The 55 patches include 24 for bugs that can be exploited remotely by attackers, which generally are considered critical threats by security researchers and vendors.

Taking a page out of rival Microsoft's playbook, Oracle on Thursday issued its first-ever advance warning that spells out the number and severity of the patches it plans to release to fix flaws in its flagship database and other software.

According to the advance notification posted on Oracle's Web site, the quarterly Critical Patch Update, scheduled to roll out Jan. 16, will include 55 patches, including 24 for bugs that can be exploited remotely by attackers. Generally, such flaws -- characterized by Oracle as "remotely exploitable without authentication" -- are considered critical threats by security researchers and vendors.

The planned disclosures and patches affect Oracle Database (27 patches, 10 for remote code execution vulnerabilities), Application Server (12/8), E-Business Suite and Applications (7/0), Oracle Enterprise Manager (6/5), and PeopleSoft Enterprise and JD Edwards EnterpriseOne (3/1). Other products, including Oracle Collaboration Server, also must be patched because they use flawed components of some of the fixed applications.

Security vendor Symantec told users of its DeepSight threat management system to set aside time starting Tuesday to deploy the Oracle fixes. "Due to the critical nature of some of these issues, customers are advised to allocate resources for the immediate deployment and testing of vendor patches," Symantec said in its own alert on the upcoming security rollout.

Last October, Oracle instituted a ranking system for the vulnerabilities it planned to patch, and said the changes were made after gathering feedback from customers. The new advance notification -- similar to the practice at Microsoft, which releases limited information the week before its monthly patch release -- is another such customer-oriented tool, said Oracle Thursday.

"It is our hope that these pre-release announcements will become valuable tools to help security professionals analyze the criticality of the forthcoming CPUs and brief their management to obtain any necessary approvals for a timely application of the CPUs," said Duncan Harris, senior director of security assurance, in a blog entry.

Oracle's CPU will be released Tuesday at noon Pacific time, and will be available from the update page of the Oracle Technology Network.
