Oracle Update to Fix 37 Security Flaws

April 12, 2007

Thirteen security issues affecting Oracle Database are among those addressed.

Oracle plans to release patches to plug 37 security holes in its products next week, according to a preview of the upcoming Critical Patch Update released April 10.

The update will be made available April 17 and will include 13 security fixes for Oracle Database, two for Oracle Enterprise Manager, and one each for Oracle Workflow Cartridge and the Ultra Search component affect code bundled with Oracle Database.

"[Three] of these vulnerabilities may be remotely exploitable without authentication, i.e. they may be exploited over a network without the need for a username and password," the Redwood Shores, Calif., company reported in the announcement. " - Two - of these fixes are applicable to Oracle Database client-only installations, i.e. installations that do not have the Oracle Database installed."

The update also features 11 security patches for the Oracle E-Business Suite, two of which may be remotely exploited without authentication, the company warned in the announcement. Five security fixes are planned for Oracle Application Server. Other patches address vulnerabilities in Oracle Enterprise Manager and the company's PeopleSoft and JD Edwards Enterprise tools.

The upcoming release will be among the smallest patch loads in several months if it goes ahead as announced. In January, Oracle's critical patch update addressed 51 flaws, while the company's critical patch update last October contained more than 100 security fixes.

Copyright 2007 by Ziff Davis Media, Distributed by United Press International