100 fewer holes following Oracle Patch Update
Oracle's regularly scheduled quarterly Patch Update is here once again. The database maker is closing a total of 100 security holes across numerous products. One ray of sunshine for administrators: the previously announced executive summaries provide brief recaps of how dangerous the various security holes are. However, David Litchfield is still grumbling about the fact that Oracle has once again failed to provide patches for all platforms in a timely manner.
Oracle closed 63 holes in the databases, 14 in the application server, 13 in the E-Business Suite, eight in PeopleTools and the PeopleSoft Enterprise Portal Solutions, and one each in JD Edwards EnterpriseOne and Oracle Pharmaceutical Applications. Thirty of the database holes could have allowed attacks by unauthenticated attackers over the network, as could 13 of the holes in the application server and one each in the E-Business Suite and the PeopleSoft products.
Oracle's newly devised summaries represent a step in the right direction, even if some administrators were hoping for more. They allow readers to see at a glance just how critical a given hole is and therefore which patches should be applied immediately. Since many of the holes can be exploited by unauthenticated attackers over the network, Oracle administrators should install the updates as soon as possible.
- Oracle Critical Patch Update - October 2006, Summary and overview of the updates from Oracle
- Analysis of the October 2006 Critical Patch Update for the Oracle RDBMS (PDF) by David Litchfield