In association with heise online

18 October 2006, 12:55

100 fewer holes following Oracle Patch Update

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Oracle's regularly scheduled quarterly Patch Update is once again here. The database maker is closing 100 security holes in all for numerous products. One ray of sunshine for administrators: the previously announced executive summaries provide brief recaps of the danger potential of the various security holes. However, David Litchfield is still grumbling about the fact that Oracle has once again failed to provide patches for all platforms in a timely manner.

Oracle closed 63 holes in all within the databases, 14 in the application server, 13 in the E-Business suite, eight in the PeopleTools and the PeopleSoft Enterprise Portal Solutions as well as one each in JD Edwards EnterpriseOne and in Oracle Pharmaceutical Applications. Thirty of the holes could have allowed attacks on the databases from unauthenticated attackers over the net, 13 in the application server, and one each in the E-Business suite and in the PeopleSoft products.

Oracle's newly devised summaries represent a step in the right direction, even if some administrators were hoping for more. They allow readers to see at a glance just how critical a given hole is and therefore which patches should be applied immediately. Since many of the holes can be exploited by non-registered attackers from the net, Oracle administrators should install the updates as soon as possible.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit