Oracle issues multi-patch security bulletin
Database giant Oracle has released its quarterly security bulletin, with some 65 patches for its customers to deal with.
The fixes patch security problems in various versions of Oracle’s Database, Database Client, Application Server, Collaboration Suite, E-Business Suite and Applications, Enterprise Management, JD Edwards and PeopleSoft products. Siebel products are not included in the update, but are due to be integrated into the company’s Critical Patch Update Process for the next release in October.
Some 27 of the holes can be exploited without authorisation. Security firm Secunia describes the bulletin as highly critical, warning that the impact of some vulnerabilities is as yet unknown, while others are remotely exploitable.
The bulletin fixes a vulnerability in Oracle’s 10g product for which exploit code has been publicly available since April, after being posted to Bugtraq.
However, Oracle maintains its security practices are robust. Eric Maurice, Manager for Security in Oracle’s Global Technology Business Unit, wrote in his blog: ‘Every day, we run hundreds of thousands of various tests against Oracle’s products … The results of these tests often contribute to enhance our development best practices (Oracle’s Secure Coding Standards), which are enforced across our entire development organization.’
Oracle has in the past come in for criticism over its security strategy. In January, research firm Gartner claimed the company could no longer be thought of as a ‘bastion of security’, lamenting the quality of the patches and the fact that no workarounds were offered. In this instance too, Oracle hasn’t issued any workaround information for its customers.