Sunday, 22 January 2012

Oracle repairs two database flaws, issues 78 patches to product line

Oracle repaired two flaws in its database management system as part of its quarterly update this week, which included 78 patches across its product portfolio.

One of the Oracle Database Server vulnerabilities is remotely exploitable, according to the Oracle January 2012 Critical Patch Update Advisory. The updates affect Oracle Database 10g and 11g release 1 and 2. The flaws are in the listener and the core of the DBMS, Oracle said.

Application Security Inc.'s research arm, TeamSHATTER, which says it has discovered and disclosed multiple vulnerabilities to Oracle that are currently in Oracle's update queue, called Oracle's latest round of updates a record low for database fixes.

Oracle started the CPU program in January 2005. The previous record low was set in the last CPU in October, with just five fixes to Oracle's database management systems. Prior to that, there were three other CPUs that had just six fixes, according to Application Security.

Oracle did release a large update to its MySQL open source database management system. The CPU contained 27 fixes for Oracle MySQL. One of the errors is remotely exploitable without authentication, Oracle said.

Among the most critical updates is the one for Oracle Solaris, which fixes eight vulnerabilities, including a serious vulnerability with a Common Vulnerability Scoring System (CVSS) score of 7.8. The update also includes three fixes in the GlassFish application server.

Redwood Shores, Calif.-based vulnerability management vendor Qualys Inc. said that overall the Oracle update was large for software users. The company said fixes to WebLogic/Apache and Solaris, which are Internet accessible, should be a concern.

Other updates in the January 2012 quarterly CPU affected Oracle's Fusion Middleware, its PeopleSoft and JD Edwards software and its Sun Product Suite. Oracle also repaired three vulnerabilities in its E-Business Suite.

The updates included fixes for 3 flaws affecting Oracle Virtualization. The updates affected Oracle VirtualBox and Oracle's Virtual Desktop Infrastructure. None of the vulnerabilities are remotely exploitable.

