The vendor issues its security updates on a quarterly basis and is now using a system that assigns a severity score to its bugs on a scale of one to 10.
Oracle has also started providing additional information indicating whether a flaw can be exploited by remote attackers without any authentication credentials. The system is designed to help administrators identify the most urgent issues.
The most important security flaw was assigned a 'base score' of 7.0 and affects Oracle Application Express. The company's flagship database received a total of 22 fixes, with the most severe ranked at 4.2.
The scores are assigned using the industry standard Common Vulnerability Scoring System which is also used by Cisco Systems.
David Litchfield, a representative from Next Generation Security Software, criticised Oracle for failing to deliver its patches on all platforms.
Patches for Oracle databases 9.2.0.6 and 10.1.0.5 will not be available until the end of this month.
Users running Oracle 10.2.0.1 on Linux on Power servers will also have to wait until the end of October, as will users running Oracle 10.2.0.2 on Windows.
"After a successful July 2006 critical patch update release, when Oracle had all the patches ready, it is disappointing to see Oracle slipping back into its old bad habits," said Litchfield.
.jpg&h=140&w=231&c=1&s=0)
iTnews State of Security Breakfast
iTnews State of Data & AI Breakfast
The 2026 iAwards
.jpg&w=120&c=1&s=0)
Integrate 2026
Security Exhibition & Conference
_(1).jpg&h=140&w=231&c=1&s=0)
