Skip the navigation
)

Oracle patches 89 holes with quarterly security update

The patches affect versions of its database software from 8i onward.

By Peter Sayer
October 19, 2005 12:00 PM ET

IDG News Service - Oracle Corp. yesterday released a bundle of critical security patches for its software, fixing 89 vulnerabilities in products including its database and application servers and in some PeopleSoft and J.D. Edwards applications. A work-around exists for just one of the vulnerabilties, according to Oracle, which recommends applying the patches as soon as possible.

The patches are part of Oracle's quarterly security update program and affect versions of its database software from 8i onward. Customers covered by Oracle's Extended Maintenance Support or Extended Support plans can download the patches.

The company supplied fixes for 33 vulnerabilities in its database server software, many of them easy to exploit and with wide impact on the confidentiality, integrity or availability of information stored in databases. That is as bad as it gets in Oracle's security rating system.

Oracle patched 14 flaws in its application server software (four of them fixed by the database server patches and 10 requiring further patches), 13 flaws in its Collaboration Suite, 22 in its E-Business Suite and one in its Enterprise Manager software.

Six of the patches are for PeopleSoft or J.D. Edwards EnterpriseOne software. There is a work-around for one of these vulnerabilities, which can be fixed by turning off PSOL Manager until the patch is applied.

One of the security vulnerabilities, known as CAN-2005-0873, was already public, Oracle said. According to the Common Vulnerabilities and Exposures list, it allows remote attackers to inject arbitrary Web scripts or HTML into Oracle Reports Server 10g (9.0.4.3.3) via multiple cross-site scripting attacks. Oracle provides few details of the vulnerabilties fixed by the other patches.

More information on Oracle's latest critical patch update can be found online at http://www.oracle.com/technology/deploy/security/pdf/cpuoct2005.html.

Oracle plans to release its next update on Jan. 17.

Reprinted with permission from IDG.net. Story copyright 2012 International Data Group. All rights reserved.
What is Tech Briefcase?
TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more
Bookmark content
Speed up your research efforts with content across the web.
Search and Store
Find the white papers you need. Create folders for any topic.
View Anywhere
Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.
Don't have an account yet?
Additional Resources
Security KnowledgeVault
WHITE PAPER
Security is not an option. This KnowledgeVault Series offers professional advice how to be proactive in the fight against cybercrimes and multi-layered security threats; how to adopt a holistic approach to protecting and managing data; and how to hire a qualified security assessor. Make security your Number 1 priority.

Read now.

Cut Communications Costs Once and for All
WHITE PAPER
New IP-based communications systems are being deployed by small and midsized businesses at a rapid rate. Learn how these organizations are enabling faster responsiveness, creating better customer experiences, speeding office or mobile interactions, and dramatically reducing existing communications costs.

Read now.

Malware and Vulnerabilities White Papers
Practice Management: Double Billing Rate and Improve Patient Services
Would you like to double your billing rate and achieve faster payment for services?

Download this customer success story to see how One Health...
Mission Critical Data Explosion and Customer Case Study
Would you like to double your tier 1 storage capacity while simultaneously reducing your storage footprint?

Download this customer success story to see how...
Protecting Against Database Attacks and Insider Threats: Top 5 Scenarios
Read this new eBook to learn the top five scenarios and essential best practices for preventing database attacks and insider threats.
Database Activity Monitoring Is Evolving
Read the analyst report and learn how you can leverage the core capabilities of a DAP solution for better database security.
Establishing a Strategy for Database Security is No Longer Optional
The options for securing increasingly valuable databases are very broad and deep, and can be confusing. This research provides an overview of three...
All Malware and Vulnerabilities White Papers
Malware and Vulnerabilities Webcasts
Distributed Database Security with Real-time Monitoring
View this demo and learn how IBM InfoSphere Guardium database activity monitoring can help protect your sensitive data in distributed DBMS environments with...
InfoSphere Warehouse Packs Demo
These flash modules make warehousing more tangible and relevant to business users through detailed explanations of the InfoSphere Warehouse Packs.
Delivery Management -- Extending Lifecycle Management
Date: Wednesday, June 20, 2012, 1:00 PM EDT

Siloed organizations continue doing the wrong things and doing things wrong, leading to increased costs,...
Leverage automation today to reduce IT complexity
Date: Tuesday, June 5, 2012, 2:00 PM EDT

Whether your B2B complexity is caused by multiple technologies due to M&A, business or application specific...
Redefine Expectations in the Data Center
Need to do more with less? Watch this video to learn how HP ProLiant Gen8 servers can help your business deploy servers three...
All Malware and Vulnerabilities Webcasts
Newsletter Sign-Up

Receive the latest news test, reviews and trends on your favorite technology topics

Choose a newsletter
  1. View all newsletters | Privacy Policy
IT Jobs