October 12th, 2007
Oracle to patch 51 database, server flaws next Tuesday
Database and server giant Oracle plans to issue patches for a total of 51 security vulnerabilities next Tuesday (October 16).
According to an advance notice from Redwood City, the October Critical Patch Update will address flaws affecting Oracle Database, Oracle Application Server, Oracle E-Business Suite, Oracle Enterprise Manager, Oracle People Soft Enterprise and JD Edwards EnterpriseOne.
The company also said that its severity ratings system will now support CVSS v2, the latest revision of the common vulnerability scoring system.
This Oracle patch batch brings the total vulnerability count for 2007 to 183.
The skinny on next week’s updates:
Oracle Database is affected by 27 vulnerabilities. Five of these vulnerabilities may be remotely exploitable without authentication (may be exploited over a network without the need for a username and password). None of these fixes are applicable to Oracle Database client-only installations.
Oracle Application Server is affected by 11 vulnerabilities. Seven of these vulnerabilities may be remotely exploitable without authentication. No new fixes are applicable for client-only installations.
Oracle E-Business Suite and Applications is affected by 8 vulnerabilities. Only one the vulnerabilities is described as remotely exploitable without the need for authentication.
Oracle Enterprise Manager is affected by two vulnerabilities that may exploited over a network without the need for user/password credentials.
Oracle PeopleSoft Enterprise PeopleTools and JD Edwards EnterpriseOne affected by three vulnerabilities. None of these vulnerabilities may be exploited remotely without authentication.
Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.
For daily updates on Ryan's activities, follow him on Twitter.
Subscribe to Zero Day via Email alerts or RSS.
