Version: 2008
  • On mySimon: The Life of Amelia Earhart
advertisementGet Smart about Business Spending

January 17, 2006 3:50 PM PST

Oracle fixes pile of bugs

By Joris Evers
Staff Writer, CNET News

  • Post a comment
Related Stories

Oracle to 'Fortify' its source code

 December 20, 2005

Halloween treat for Oracle: A database worm

 November 1, 2005

Oracle fixes bugs with mega patch

 October 18, 2005

When security researchers become the problem

 July 27, 2005

Oracle dragging heels on unfixed flaws, researcher says

 July 19, 2005
As part of its quarterly patch cycle, Oracle released on Tuesday fixes for a long list of security vulnerabilities in many of its products.

The "Critical Patch Update" delivers remedies for 37 flaws related to Oracle's Database products, 17 related to Application Server, 20 to the Collaboration Suite, 27 to E-Business Suite and Applications, one to PeopleSoft's Enterprise Portal and one in JD Edwards software.

Some of the flaws carry Oracle's most serious rating, which means they're easy to exploit and an attack can have a wide impact, according to the alert. "Several of these vulnerabilities are significant, and should be patched as soon as possible," security provider Symantec said in an alert to users of its DeepSight intelligence service.

While there are a lot of fixes, the vulnerabilities are clearly marked, which could make them easier to deal with, Pete Finnigan, a security specialist in York, England, wrote on his blog. "This seems like a good mixed bag of fixes, quite a lot in total," he said. "This time it seems possible to isolate the areas affected in more cases due to the more explicit naming of some packages, programs and commands."

In addition to the security fixes, Oracle also released a tool to check for default accounts and passwords. It's meant to help businesses defend their systems against the "Oracle voyager" database worm, which takes advantage of those default items.

In response to the Oracle patch release, Symantec raised its ThreatCon global threat index to Level 2, which means an outbreak is expected. It typically does that after a patch release because malicious hackers might use the fixes as a blueprint for attacks.

Oracle has been criticized for being slow to fix security flaws and being unresponsive to researchers who find bugs. Oracle's chief security officer, Mary Ann Davidson, has responded in turn by saying bug hunters themselves can be a problem when it comes to product security. The company recently said it was adding more automation to its bug-checking process.

See more CNET content tagged:
Oracle Corp., application server, bug, fix, security

advertisement
Click Here

Latest tech news headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Markets

Market news, charts, SEC filings, and more

Related quotes

Oracle (-0.22%) -0.05 22.34
Dow Jones Industrials (-0.14%) -14.28 10,318.16
S&P 500 (-0.32%) -3.52 1,091.38
NASDAQ (-0.50%) -10.78 2,146.04
CNET TECH (-0.45%) -7.10 1,577.23
  Symbol Lookup
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET