Oracle has issued a critical patch update to correct 47 vulnerabilities across several of its portfolios, including the newly acquired Sun product line.
“Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU [critical patch update] fixes as soon as possible,” an Oracle advisory warned.
An update for the popular Oracle Database Server product includes seven security vulnerability fixes, none of which are remotely exploitable without authentication, meaning none can be exploited over a network without a username and password, Oracle said. Two of those flaws were publicised by well-known database hacker David Litchfield earlier this year at the Black Hat conference in Washington, D.C.
Also, this week's update provides five security fixes for Oracle Fusion Middleware products. The update includes one fix for Oracle Collaboration Suite, eight for Oracle Application Suite, four affecting PeopleSoft and JD Edwards Suite, and six for Oracle Industry Applications, according to an advisory issued by US-CERT.
The update also includes 16 new security fixes for the Sun product line, which Oracle acquired in April 2009. This is the first Oracle security update to include fixes for the Sun Solaris operating system.
“With the recent close of the Sun acquisition, both security organisations have worked diligently to align Sun's previous security practices with Oracle's,” Eric Maurice, software security assurance director at Oracle, wrote in a blog post.
Alex Rothacker, manager of database protection vendor Application Security's SHATTER research team, told SCMagazineUS.com in an email that two of the vulnerabilities, in particular, pose a high risk.
One affects Oracle Database Server and allows for the complete takeover of not only the database, but also the entire server, including the operating system, he said. Another high-risk vulnerability affecting the Oracle Fusion Middleware product can be exploited remotely without authentication and allows for a complete takeover of the database.
See original article on scmagazineus.com
