Advertisement
Promo

Security threats Toolkit

Oracle patches 103 flaws

Joris Evers CNET News

Published: 18 Jan 2006 14:40 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

As part of its quarterly patch cycle, Oracle released on Tuesday fixes for a long list of security vulnerabilities in many of its products.

The "Critical Patch Update" delivers remedies for 37 flaws related to Oracle's Database products, 17 related to Application Server, 20 to the Collaboration Suite, 27 to E-Business Suite and Applications, one to PeopleSoft's Enterprise Portal and one in JD Edwards software.

Some of the flaws carry Oracle's most serious rating, which means they're easy to exploit and an attack can have a wide impact, according to the alert. "Several of these vulnerabilities are significant, and should be patched as soon as possible," security provider Symantec said in an alert to users of its DeepSight intelligence service.

While there are a lot of fixes, the vulnerabilities are clearly marked, which could make them easier to deal with, Pete Finnigan, a security specialist in York, wrote on his blog. "This seems like a good mixed bag of fixes, quite a lot in total," he said. "This time it seems possible to isolate the areas affected in more cases due to the more explicit naming of some packages, programs and commands."

In addition to the security fixes, Oracle also released a tool to check for default accounts and passwords. It's meant to help businesses defend their systems against the "Oracle voyager" database worm, which takes advantage of those default items.

In response to the Oracle patch release, Symantec raised its ThreatCon global threat index to Level 2, which means an outbreak is expected. It typically does that after a patch release because malicious hackers might use the fixes as a blueprint for attacks.

Oracle has been criticised for being slow to fix security flaws and being unresponsive to researchers who find bugs. Oracle's chief security officer, Mary Ann Davidson, has responded in turn by saying bug hunters themselves can be a problem when it comes to product security. The company recently said it was adding more automation to its bug-checking process.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
69 out of 142 people found this useful


In association with Network Liberation Movement

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:






Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

DNA details of innocent will be kept f...

The government has announced that it plans to keep innocent people's DNA details for up to six years. In response to a consultation it launched last December, the government said... More

2 comments

Motorola Droid Drops Today: Happy Droi...

Motorola Droid Drops Today: Happy Droid Day America! Author: Eric Everson, Mobile Security Expert If you’re wondering what all of the buzz is about with words like Droid and Android... More

Post a comment

Mobile Security Profile: BlackBerry St...

Mobile Security Profile: BlackBerry Storm2 Author: Eric Everson BlackBerry handsets are a staple of office culture; from syncing calendars to sharing business-related data,... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters