Oracle closes numerous holes in its products
As announced, Oracle has released security fixes for several of its products. In total there are 45 patches, 13 of which address SQL injection holes, buffer overflows, and other bugs in the Oracle database. While none of these could be remotely exploited, the fixes for BEA products, contained in the Critical Patch Update (CPU) for the first time, are a different proposition: an attacker could exploit four of the seven closed holes over the internet without authentication. Oracle also issued updates for the Hyperion Performance Suite and the TimesTen In-Memory Database for the first time.
Other remedies were issued for vulnerabilities in the Application Server, Enterprise Manager and PeopleSoft. Due to the potential risk, Oracle recommends that users install the updates as soon as possible. But it is doubtful whether this advice will be heeded. Early this year, when asked if they had ever installed a CPU, two-thirds of the database administrators, developers, and consultants surveyed answered "No". According to service provider Sentrigo, only ten per cent of the respondents stated that they had so much as installed the current Oracle patches.
- Oracle Critical Patch Update Advisory - July 2008, Description by Oracle