By Robert McMillan
IDG news service
11 January 2008
Oracle is set to fix dozens of flaws in its software products, including
critical bugs in the company's database, e-business suite and
In its first security update of 2008, next Tuesday, Oracle will ship 27
security fixes, some of which will affect several products.
Oracle releases security patches every three months, a process known as
the Critical Patch Update (CPU). January's bug-fix total is low by
Oracle's standards. In October, the company patched 51 vulnerabilities.
As usual, the company's database will be a major focus of the CPU.
Oracle plans to ship eight security fixes for the Oracle Database,
addressing bugs in the software's advanced queuing, core RDBMS, Oracle
Agent, Oracle Spatial and XML database software.
None of the database vulnerabilities can be exploited over a network
without the attacker first obtaining a username and password for the
Oracle's next most-patched product will be the E-Business Suite, which
will receive seven updates, three of which are for bugs that can be
remotely exploited by attackers who do not have usernames or passwords
for the system.
The Oracle Application Server will get six bug-fixes, addressing flaws
in components such as the product's BPEL, Worklist Application, Oracle
Forms and Oracle Internet Directory software.
Finally, Oracle is planning four updates for its PeopleSoft and JD
Edwards products, as well as one fix each for Oracle Enterprise Manager
and the Oracle Collaboration Suite.
Visit InfoSec News