By Joris Evers
Staff Writer, CNET News.com
April 10, 2007
Oracle next week plans to release fixes for 37 security flaws across all
its products, the company said Tuesday.
The fixes will be delivered April 17 as part of Oracle's quarterly patch
cycle. Seven of the bugs are serious and could allow a system running
the vulnerable Oracle software to be compromised remotely, the company
said in a note on its Web site.
This is the second time Oracle is giving a heads-up on patches. The
first such advance notice was in January. Microsoft has been giving
customers a similar early warning since late 2004. Both companies have
put their patches on a schedule so customers know when to expect them.
The early warning is meant to allow for extra preparedness.
Oracle's advance notification goes further than Microsoft's, which only
states the product family for which patches will be released and gives a
broad indication of bug severity. Oracle also lists the number of
vulnerabilities it plans to patch and gives details of which products
and components will get fixes.
Oracle's "Critical Patch Update" is planned to include 13 fixes for
Oracle database products, five for Application Server, 11 for E-Business
Suite, and four for PeopleSoft and J.D. Edwards products, according to
In January, Oracle released fixes for 51 vulnerabilities.
Subscribe to InfoSec News