July 13, 2005 7:01 AM PDT

Oracle update fixes security flaws

Database maker Oracle has corrected a number of security bugs with its latest quarterly update.

Various versions of Oracle products, including its database, application server and 11i E-Business Suite, are part of Tuesday's update, according to the company.

"A number of high-risk SQL injection and parameter manipulation security vulnerabilities in the Oracle E-Business Suite are corrected by the security patches released" Tuesday, said security company Integrigy, which produces tools for a number of enterprise applications from companies such as Oracle and PeopleSoft. "Customers with Internet-facing implementations of the Oracle E-Business Suite should consider applying these patches as soon as possible."

Chicago-based Integrigy added that "it is possible that an attacker with only a Web browser and a network connection (either internally or externally) to Oracle E-Business Suite Web application servers can execute malicious SQL statements in the database as the APPS database account."

Oracle's next update is scheduled for Oct. 18.

Renai LeMay of ZDNet Australia reported from Sydney.


Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.