Oracle's 65 Flaw Update | Internet News
Security
SHARE
Facebook X Pinterest WhatsApp

Oracle’s 65 Flaw Update

Written By
Sean Michael Kerner
Sean Michael Kerner
Jul 19, 2006
2 minute read


Oracle’s July Critical Patch Update (CPU) is now out with fixes for a whopping 65 bugs.

Security firm Secunia rated the aggregate of the vulnerabilities “highly critical.”

The July patch haul is a significant increase over the 36 flaws that Oracle’s last quarterly update in April repaired. But it is fewer than the 82 flaws for January.

The July CPU, like its predecessors, covers a laundry list of Oracle software, including:


  • JD Edwards EnterpriseOne 8.x;
  • JD Edwards OneWorld 8.x;
  • Oracle Application Server 10g;
  • Oracle Collaboration Suite 10.x;
  • Oracle Database 10g;
  • Oracle Database 8.x
  • Oracle E-Business Suite 11i;
  • Oracle Enterprise Manager 10.x;
  • Oracle PeopleSoft Enterprise Tools 8.x;
  • Oracle Pharmaceutical Applications 4.x;
  • Oracle Workflow 11.x;
  • Oracle9i Application Server;
  • Oracle9i Collaboration Suite;
  • Oracle9i Database Enterprise Edition;
  • Database Standard Edition and Oracle9i Developer Suite.

    Ron Ben-Natan, CTO of database security and compliance company Guardium, commented that more than 75 percent of the vulnerabilities addressed in the July Critical Patch Update could have impact database server availability, compared with less than 30 percent of the vulnerabilities disclosed in April.
    According to Guardium’s analysis of the July CPU, Oracle Net, which is sometimes referred to as Net 8/9 or SQL*Net), RPC (remote procedure calls) and the Oracle Call Inteface (OCI) represent the greatest share of patched vulnerabilities.

    In Secunia’s analysis, some of the flaws in the July CPU could potentially be targeted for SQL injection attacks or compromise a vulnerable system. Other flaws Secunia noted as “unknown impact.”
    Guardium’s analysis paints a less ominous picture.
    “The silver lining with these vulnerabilities is that most affect only data availability and integrity, not confidentiality.” Ben-Natan said. “Still, companies need to be aggressive in updating their software, as skilled hackers can quickly compromise un-patched database servers.”
    Oracle is likely to only issue one more patch update before the end of 2006 in keeping with its current quarterly patch update cycle.
Sean Michael Kerner
Internet News Logo

InternetNews is a source of industry news and intelligence for IT professionals from all branches of the technology world. InternetNews focuses on helping professionals grow their knowledge base and authority in their field with the top news and trends in Software, IT Management, Networking & Communications, and Small Business.

facebook
x

Company

Contact us Advertise with us

Categories

News Enterprise Small Business Reviews Podcasts Blog Research

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information