Network Computing is part of the Informa Tech Division of Informa PLC


Oracle Fixes 82 Database, Server Flaws

Oracle on Tuesday patched 82 different vulnerabilities in its flagship database and other server products, leading security company Symantec to raise the overall Internet threat status and leaving others puzzling over the exact extent of the risk.

The Critical Patch Update fixes 37 flaws in Oracle's Database, 17 in its Application Server, 20 in the Collaboration Suite, 27 in E-Business Suite, and one each in the PeopleSoft Enterprise Portal and JD Edwards HTML Server.

While the number may seem staggering to those not used to Oracle's quarterly security updates -- Windows users, for instance, go into shock when Microsoft releases more than a dozen fixes in a given month -- January's batch is actually smaller than the October 2005 bunch. Then, Oracle patched 106 different bugs.

Many of this quarter's fixed vulnerabilities were tagged by Oracle with its highest risk ratings -- unlike other vendors such as Microsoft, Oracle breaks out risk rankings into numerous sub-categories -- with notes that they're easy to exploit and have a potentially wide range of impact. Among the bugs are many which can be exploited remotely, and 61 which can be used by anonymous (non-authenticated) users.

Responding to the patch, Cupertino, Calif.-based Symantec raised its ThreatCon level to "2" late Tuesday. ThreatCon, a 1 through 4 ranking Symantec uses to note the overall security status of the Web, was bumped, said Symantec, because of the Oracle release.
