Security Strategy

Oracle plugs 33 holes that affect hundreds of products

Get your fix

Tags: siebel, oracle

By Matthew Broersma

Published: 16 July 2009 10:40 GMT

Oracle has released fixes for 33 security flaws that affect hundreds of products across its range.

In its security advisory, published alongside the patches on Tuesday, the software maker gave two of the vulnerabilities its highest possible severity rating.

"Some of the vulnerabilities addressed in this Critical Patch Update affect multiple products," Oracle said in a statement. "Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible."

Under the Common Vulnerability Scoring System (CVSS) used by Oracle, two of the bugs - those affecting the JRockit and Secure Backup HTTP components - received a severity score of 10, the highest available. Both of the flaws are remotely exploitable, do not require authentication and could allow an attacker to take control of a system, Oracle said.

The JRockit fix is included in a patch for the BEA Product Suite, while the patch for Secure Backup HTTP is included in a fix for the Secure Backup product.

A flaw in the network foundation layer component, which establishes and maintains network connections, received a CVSS score of 9 for the Windows version of the software. Authentication is needed to exploit the bug, but a successful attack could result in complete control of a database, Oracle said. The network foundation layer fix is included in a patch for the Oracle Database product.

Overall, the update includes 10 fixes for Oracle's database software, of which three can be exploited remotely without authentication, Oracle said.

Other patches include two for Oracle Secure Backup; two for the Oracle Application Server; five for Oracle Applications; two for Oracle Enterprise Manager; three for the Oracle PeopleSoft and JDEdwards Suite; one for the Oracle Siebel Suite; and five for the Oracle BEA Products Suite. Full details of the bugs are available from Oracle.

Oracle's update arrived on the same day as patches from Microsoft fixing critical vulnerabilities in DirectShow and Video ActiveX that had been targeted in attacks, as well as holes in Embedded OpenType Font Engine and Microsoft Publisher that could allow someone to remotely take control of a system. Oracle's next quarterly security update is due on 13 October.

Original article: Oracle fixes 33 security bugs from ZDNet UK
