In association with heise online

17 January 2007, 10:17

Oracle closes 51 holes


As announced, Oracle has released its Critical Patch Update for January of 2007, though only 51 patches were released, one fewer than described in the recently launched pre-release announcement. A number of products ranging from Oracle Database to Oracle Application Server, Oracle Collaboration Suite, and Oracle Enterprise Manager are affected. The problems remedied include SQL injection holes and buffer overflows that could be exploited to inject code or take down a server.

17 vulnerabilities have been remedied in the vendor's database products alone, some of which could be exploited over networks to manipulate the server. According to database security specialist Alexander Kornbrust, it took Oracle 1,918 days to remedy a hole that attackers could exploit to bypass a server's default index page and list directory contents by adding a number of slashes to a URL.

As in the previous CPU, the security advisory includes a risk matrix and an executive summary to help companies decide how quickly a patch should be installed, if at all.
