Oracle to issue 45 security patches
By Miya Knights,
Oracle has said it will release 45 critical security fixes next Tuesday, promising to keep database and IT security administrators busy.
But they may be surprised to find that despite the large number, Oracle has said none of the patches can be exploited over a network without a user name and password.
This has led some to question the true meaning of the regular patching cycle, known as Oracle’s Critical Patch Update (CPU). Oracle describes the quarterly CPUs as “the primary means of releasing security fixes for Oracle products to customers with valid support contracts.”
And recent research carried out among Oracle users groups by security firm Sentrigo found that two thirds of the 305 database administrators, consultants and developers surveyed had never installed Oracle's CPU.
Nevertheless, the CPU includes 11 database fixes that affect a number of versions within the 11g, 10g and 9i releases.
Among the affected products are Oracle’s TimesTen in-memory database, Oracle Application Server, a number of PeopleSoft Enterprise products, Oracle Enterprise Manager Database Control, E-Business Suite, and WebLogic Server, which it acquired by purchasing BEA Systems. There are no new patches for Oracle’s J.D. Edwards suite of products.
Despite debate over their importance, Oracle said three of the seven WebLogic Server patches and all nine for Oracle Application Server regard vulnerabilities that can be exploited with no authentication needed.
More details on the CPU is available via Oracle’s pre-CPU notice. The full patches will be released next Tuesday, 15 July.
advertisement
Latest Security Features
IT around the world: Russia
In the first of an on-going series examining IT markets around the globe, we look at whether investing in Russia is worth the risk – and how to go about it the right way.
- Chinese web control an Olympic challenge for tech firms
- SOS Bletchley Park
- Where will IT be in 2015?
- Q&A: John Stewart, Cisco's chief security officer
- NHS IT - something to celebrate?
- Q&A: Tom Ilube, head of Garlik
- Ten of the most infamous ‘black hat’ hackers
- USB Flash Disks: A modern day business curse?
- Creating a mobile data management policy
Latest Security Reviews
AVG Internet Security SBS Edition 8.0
Rating: 
- Finjan Vital Security Web Appliance NG-6000S
- LogLogic MX2010
- Exclusive: WatchGuard Firebox Core X750e
- Sophos ES4000 Security Appliance
- Microsoft Forefront Security for Exchange and SharePoint
- EXCLUSIVE: Juniper Networks SSG 550 UTM appliance
- EXCLUSIVE: Arbor Networks Peakflow X 3.7
- EXCLUSIVE: Check Point UTM-1 1050
- EXCLUSIVE: Finjan Vital Security NG-5100
advertisement
Latest News Videos in Security
Video: Q&A with Richard Archdeacon, Symantec
PlayIT PRO speaks to Richard Archdeacon, director, global services, at the information security software vendor Symantec.
White papers
Want more background on today's hottest IT trends?
Visit IT PRO's white paper library for more on virtualisation, encryption and other topics.
Register for IT PRO
You'll get exclusive member benefits including free white papers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
Social Bookmark this article: What is this?