Microsoft gets way too much blame for needing lots of patches for their products; Oracle will ship 51 fixes for its products in October.
Patch Tuesday arrived for Oracle administrators today, and it’s a doozy. Oracle releases patches on a quarterly basis. Today’s scheduled bundle of joy will give Oracle’s customers plenty to apply to their software.
Oracle’s critical patch pre-release announcement called for 51 patches covering products across their spectrum of software. Patches for Oracle’s signature database products total 27 of the 51 planned for release.
From their statement, the Oracle database components affected by vulnerabilities that are fixed in this Critical Patch Update are:
• Advanced Queuing
• Advanced Security Option
• Core RDBMS
• Export
• Import
• Oracle Database Vault
• Oracle Net Services
• Oracle Text
• Spatial
• SQL Execution
• Workspace Manager
• XML DB
On the Oracle Application Server, seven of the eleven security fixes arriving for that product represent patches for remotely exploitable issues. An attacker would not need a username/password combination to exploit them.
Oracle said the Application Server components affected by vulnerabilities that are fixed in this Critical Patch Update are:
• Oracle Containers for J2EE
• Oracle HTTP Server
• Oracle Internet Directory
• Oracle Portal
• Oracle Process Mgmt & Notification
• Oracle Single Sign-On
Fixes for some PeopleSoft products are in the release, but there are no new security bulletins for JD Edwards products, Oracle said.
More: continued here
If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!