Oracle to release 46 security fixes

By

Oracle announced plans to deliver 46 patches on Tuesday to repair a number of vulnerabilities in its database and associated products.

Oracle to release 46 security fixes
The quarterly critical patch update will address 20 flaws in the Oracle Database, with the most critical vulnerability having a severity level of 4.2 out of 10, according to the pre-release announcement. Two of the bugs may be remotely exploitable without exploitation.

The security release also will resolve holes in Application Server, Secure Enterprise Search, Application Express, Collaboration Suite, E-Business Suite and the PeopleSoft Enterprise solutions, which includes PeopleTools, Human Capital Management and Customer Relationship Management.

This is the third security update since Oracle launched a Common Vulnerability Scoring System (CVSS) to rate bugs, identify those flaws that are critical and remotely exploitable, and include a "high-level" overview of each defect and fix — similar to Microsoft's approach.

Ted Julian, vice president of marketing and strategy at database security firm Application Security, told SCMagazine.com that Oracle is helping users better manage the patches.

"You have to give them credit for making progress on this issue," Julian said. "They’ve tried to be responsive."

The patches come on the heels of Wednesday’s unveiling of Oracle Database 11g, the first upgrade in four years of the Redwood Shores, Calif.-based company's most popular offering.

The new version features a number of security enhancements, including support for case-sensitive passwords, hot patching, a so-called audit vault to address insider threats and encryption capabilities beyond "column-level encryption.

The new version, billed as Oracle’s most reliable and performance-filled to date, endured a nine-month beta test period. An Oracle spokesperson could not be reached for comment today.

In April, Oracle released 36 patches, one of the smallest patch updates since the database giant began issuing quarterly distributions more than two years ago. Last July’s update offered 65 fixes.

Got a news tip for our journalists? Share it with us anonymously here.
Tags:

Most Read Articles

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack

Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"

Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks

Sportsbet recruits 'security champions' in shift-left strategy

Sportsbet recruits 'security champions' in shift-left strategy

Log In

  |  Forgot your password?