Oracle Set To Release 66 Patches



Oracle is set to release a massive, quarterly security update on Tuesday that includes 66 patches for 28 products.


Of the bugs to be patched, 34 are described as “remotely exploitable without authentication” and score a “10” — the most severe type of vulnerability — on the Oracle Common Vulnerability Scoring System (CVSS). “That’s roughly equivalent to what Microsoft deems critical — in other words, the sort of bug which might allow a network worm to spread without user involvement,” blogged Paul Ducklin, the head of technology for Sophos in Asia Pacific.

The products with the most severe vulnerabilities are Oracle Audit Vault, JRockit, Solaris, and WebLogic Server. Notably, all four products “may be exploited over a network without the need for a username and password,” said Oracle. That’s especially dangerous for a security application such as Oracle Audit Vault, which is meant to create a verifiable audit trail.



According to Daniel Wesemann of the Internet Storm Center, “[it’s] always disappointing when a so-called security component makes the system actually more vulnerable.”

While 28 products are to be patched, several of the products are actually product bundles, such as Oracle Sun Products Suite, which includes 10 affected products — such as the Solaris operating system and Java System Access Manager — as well as Oracle Fusion Middleware, which includes nine affected products, such as HTTP Server and JRockit.

The Oracle Open Office suite — Open Office, StarOffice, StarSuite — also contains severe vulnerabilities that rate a 9.3 on the CVSS scale, while vulnerabilities in Oracle Database Server rate a 7.5.

Other products getting security updates include Oracle Database 10g and 11g, Secure Backup, E-Business Suite 11i and 12, and PeopleSoft.


Article source: http://www.informationweek.com/news/software/bi/showArticle.jhtml?articleID=229000841cid=RSSfeed_IWK_All

