Oracle Fixes 65 Security Vulnerabilities

As part of the July CPU

By Marius Oiaga, Technology News Editor

19th of July 2006, 13:07 GMT

Oracle's Critical Patch Update (CPU) is a bundle of updates that address multiple security flaws, along with additional non-security fixes needed because of interdependencies with the security patches.
Oracle has issued a total of 65 security updates as part of the company's quarterly patch cycle. With no fewer than 27 of the flaws remotely exploitable by an attacker, Oracle strongly advised its customers to install the updates, as it offers no alternative fixes.

"We fix flaws in severity order. The fixes you see in the Critical Patch Update are the most critical," said Darius Wiles, senior manager for security alerts at Oracle. "We strongly recommend to customers that they apply these security patches as soon as they can."

Oracle's Database products receive the largest share of the fixes in the update package, with 23 related flaws. Ten fixes address vulnerabilities in Application Server and 20 in E-Business Suite and Applications. Four security holes in Enterprise Manager and two in PeopleSoft's Enterprise portal will be plugged, while a single vulnerability will be patched in each of the Collaboration Suite and JD Edwards software.

"There are four new database vulnerabilities addressed by this Critical Patch Update that affect Oracle Database Client-only installations (installations that do not have the Oracle Database installed). For three of these vulnerabilities, an untrusted, malicious server can cause the client to terminate if the client connects to the rogue server. The fourth vulnerability allows an untrusted, malicious server to cause the client to terminate, and additionally may allow the execution of arbitrary code on the client. A client may be exposed to these four vulnerabilities either by connecting directly to the malicious server, or through a database link. Client-side software in the middle tier is patched as part of the general middle tier patch and customers do not need to apply additional patches. If this is not the case it will be documented in the appropriate supplementary documentation," stated Oracle.
© Copyright 2001-2009 Softpedia