Oracle Patches 82 Flaws
Page 1 of 1
Yes, you read that headline correctly. Oracle is out with a new security patch addressing 82 vulnerabilities and security issues in various Oracle products.
Oracle's January patch is the first issued since October 2005 when the company patched 89 different vulnerabilities. Security firm Secunia has rated the January vulnerabilities as being "moderately critical."
The vulnerabilities affect Oracle Database Server versions 8.x, 9i and 10g, as well as multiple versions of Oracle Application Server, Oracle E-Business Suite 11i and Oracle Collaboration Suite.
Oracle-branded products are not the only ones at risk in this update, as it also covers J.D. Edwards Enterprise 8.x and PeopleSoft Enterprise Portal 8.x.
Oracle's advisory on the updates includes detailed risk matrices for each effected product.
Secunia wrote in its advisory that some of the vulnerabilities have an unknown impact, whereas others can be exploited to gain knowledge of certain information and overwrite arbitrary files, as well as to conduct SQL injection attacks.
Oracle first announced its quarterly patch update model in November 2004.
After surveying customers across a variety of industries, an Oracle spokesperson said, the company found that a quarterly process strikes a balance between issuing patches often enough to protect customers from serious vulnerabilities and makes it easier for them to manage the maintenance process.
The spokesperson explained that the quarterly schedule allows Oracle to satisfy customer demand while delivering three key benefits.
Organizations can plan configuration management rather than reacting to unscheduled "surprise" patch alerts. Common blackout dates, the time when customers will not update their systems, can be avoided.
And, finally, a third benefit according to the spokesperson, is that Critical Patch Updates help lower the cost of applying patches by delivering a single, well-integrated and well-tested patch that fixes multiple, high-priority vulnerabilities.