Oracle Plans 46 Patches for Update

Not to be outdone, Oracle is wading into the patch scene with their own release this coming July 17th. They are tentatively scheduling the release of 46 patches. I wonder if David Litchfield will have some new Oracle fun for us at Black Hat this year.

Oracle Database Executive Summary

This Critical Patch Update contains 20 new security fixes for the Oracle Database including 1 new security fix for Application Express. 2 of these vulnerabilities may be remotely exploitable without authentication, i.e. they may be exploited over a network without the need for a username and password. None of these fixes are applicable to Oracle Database client-only installations, i.e. installations that do not have the Oracle Database installed.

The highest CVSS base score of vulnerabilities affecting Oracle Database products is 4.2.

The Oracle Database components affected by vulnerabilities that are fixed in this Critical Patch Update are:

* Advanced Queuing
* Application Express
* DataGuard
* JavaVM
* Oracle Data Mining
* Oracle Internet Directory
* Oracle Text
* PL/SQL
* Program Interface
* Rules Manager
* Spatial
* SQL Compiler

Oracle Application Server Executive Summary

This Critical Patch Update contains 4 new security fixes for Oracle Application Server. 3 of these vulnerabilities may be remotely exploitable without authentication, i.e. they may be exploited over a network without the need for a username and password. 2 new fixes are applicable to client-only installations, i.e. installations that do not have Oracle Application Server installed.

Oracle Application Server products that are bundled with the Oracle Database are affected by Oracle Database vulnerabilities fixed in this CPU.

The highest CVSS base score of vulnerabilities affecting Oracle Application Server products is 2.3.

The Oracle Application Server components affected by vulnerabilities that are fixed in this Critical Patch Update are:

* Oracle Internet Directory
* Oracle JDeveloper
* Oracle Single Sign On

For the full announcement from Oracle read on.

Article Link

    Liquidmatrix Security Digest » Oracle Products Multiple Vulnerabilities said,

    July 18, 2007 @ 7:37 am

    [...] we can’t say that we didn’t warn ya. Secunia now has the vulnerability alert posted to their site. The milw0rm exploits should be soon [...]

    Adrian Lane said,

    July 15, 2008 @ 9:46 am

    Your ‘Article Link’ points to the 2007 patch release. It is an interesting contrast that the 2007 version actually contained some meaningful information, unlike its 2008 cousin, located here: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2008.html

    Dave Lewis said,

    July 15, 2008 @ 11:13 am

    @Adrian

    Yup that was the 2007 release. Thanks for the link. I thought they weren’t posting until later today.
