Oracle’s July Critical Patch Update (CPU) is now out with fixes for a whopping 65 bugs.
Security firm Secunia rated the aggregate of the vulnerabilities “highly critical.”
The July patch haul is a significant increase over the 36 flaws that Oracle’s last quarterly update in April repaired. But it is fewer than the 82 flaws for January.
The July CPU, like its predecessors, covers a laundry list of Oracle software, including:
Ron Ben-Natan, CTO of database security and compliance company Guardium, commented that more than 75 percent of the vulnerabilities addressed in the July Critical Patch Update could impact database server availability, compared with less than 30 percent of the vulnerabilities disclosed in April.
According to Guardium’s analysis of the July CPU, Oracle Net (which is sometimes referred to as Net 8/9 or SQL*Net), RPC (remote procedure calls)
In Secunia’s analysis, some of the flaws in the July CPU could potentially be targeted for SQL injection attacks or used to compromise a vulnerable system. Secunia listed other flaws as having “unknown impact.”
Guardium’s analysis paints a less ominous picture.
“The silver lining with these vulnerabilities is that most affect only data availability and integrity, not confidentiality,” Ben-Natan said. “Still, companies need to be aggressive in updating their software, as skilled hackers can quickly compromise un-patched database servers.”
Oracle is likely to issue only one more patch update before the end of 2006, in keeping with its current quarterly patch update cycle.


