Oracle plugs 122 security holes

By on
Oracle plugs 122 security holes

Database vendor flips switch on vulnerability score reporting.

Oracle has released a 'critical patch update' that plugs 122 security vulnerabilities across the company's databases, enterprise applications, developer tools and middleware. 

The vendor issues its security updates on a quarterly basis and is now using a system that assigns a severity score to its bugs on a scale of one to 10.

Oracle has also started providing additional information indicating whether a flaw can be exploited by remote attackers without any authentication credentials. The system is designed to help administrators identify the most urgent issues.

The most important security flaw was assigned a 'base score' of 7.0 and affects Oracle Application Express. The company's flagship database received a total of 22 fixes, with the most severe ranked at 4.2.

The scores are assigned using the industry standard Common Vulnerability Scoring System which is also used by Cisco Systems.

David Litchfield, a representative from Next Generation Security Software, criticised Oracle for failing to deliver its patches on all platforms. 

Patches for Oracle databases and will not be available until the end of this month.

Users running Oracle on Linux on Power servers will also have to wait until the end of October, as will users running Oracle on Windows.

"After a successful July 2006 critical patch update release, when Oracle had all the patches ready, it is disappointing to see Oracle slipping back into its old bad habits," said Litchfield.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©

Most Read Articles

Log In

  |  Forgot your password?