Home > Oracle Database / Applications News > Oracle fixes 36 more vulnerabilities
Oracle Database / Applications News:
EMAIL THIS

Oracle fixes 36 more vulnerabilities

By Mark Brunelli, News Editor
19 Apr 2006 | SearchOracle.com

Oracle tips, scripts, and expert advice
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google

Oracle Corp. Tuesday handed out another major patch load as part of its quarterly patch cycle.

The Redwood Shores, Calif.-based vendor in total patched 36 vulnerabilities in various products, including its database and application server software.

Along with the security updates, Oracle yesterday said it has made changes to an existing tool that seek out default accounts and passwords that could theoretically be used for nefarious purposes by malicious hackers. According to Oracle's MetaLink customer support site, databases upgraded from Oracle 7, Oracle 8i or Oracle 9i may still have the default accounts.

More on Oracle security:

Whoops! Oracle accidentally exposes flaw

Oracle patches 82 critical flaws

Security firm Symantec Corp. issued an alert to its customers, which said that many of the vulnerabilities addressed this quarter are significant.

"The biggest noticeable difference to previous [critical patch updates] is that the number of fixes is lower," Oracle security guru Pete Finnigan wrote in his blog, a reference to the 82 critical flaws Oracle addressed in its January update. "The database has 14 fixes for various versions of the database software, one of the fixes also applies to the application server."

According to Oracle, the patches released yesterday affect the following products:

  • Oracle Database 10g Release 2, versions 10.2.0.1, 10.2.0.2
  • Oracle Database 10g Release 1, versions 10.1.0.4, 10.1.0.5
  • Oracle9i Database Release 2, versions 9.2.0.6, 9.2.0.7
  • Oracle8i Database Release 3, version 8.1.7.4
  • Oracle Enterprise Manager 10g Grid Control, versions 10.1.0.3, 10.1.0.4, 10.2.0.1
  • Oracle Application Server 10g Release 2, versions 10.1.2.0.0 - 10.1.2.0.2, 10.1.2.1.0, 10.1.3.0.0
  • Oracle Application Server 10g Release 1 (9.0.4), versions 9.0.4.1, 9.0.4.2
  • Oracle Collaboration Suite 10g Release 1, versions 10.1.1, 10.1.2.0, 10.1.2.1
  • Oracle9i Collaboration Suite Release 2, version 9.0.4.2
  • Oracle E-Business Suite Release 11i, versions 11.5.1 - 11.5.10 CU2
  • Oracle E-Business Suite Release 11.0
  • Oracle Pharmaceutical Applications versions 4.5.0 - 4.5.2
  • Oracle PeopleSoft Enterprise Tools, versions 8.47GA - 8.47.04
  • Oracle PeopleSoft Enterprise Tools, versions 8.46GA - 8.46.12
  • JD Edwards EnterpriseOne Tools, OneWorld Tools, versions 8.95 - 8.95.J1

    Tags: Oracle Application ServerOracle database installation, upgrades and patchesOracle database securityVIEW ALL TAGS

    Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google



    RELATED CONTENT
    Oracle Application Server
    Oracle to acquire application service management firm
    Don't wait for clarity on Oracle's VM strategy, experts say
    Oracle's 10 steps to get to Fusion rely on Oracle investments
    Oracle Fusion Middleware: Top five headlines
    Oracle-BEA deal gets the green light
    Oracle adds Data Integration Suite to middleware family
    Oracle-BEA deal means tough choices for middleware buyers
    Oracle to buy BEA Systems
    Oracle bids for BEA Systems
    Oracle challenges IBM, Microsoft with application server platform
    Oracle Application Server Research

    Oracle database installation, upgrades and patches
    Oracle's Java database continues push into embedded database market
    How to use the Oracle Database Upgrade Assistant (DBUA)
    Oracle delivers database fixes in Critical Patch Update
    How to get the most out of Toad for Oracle 10
    Coca-Cola Bottling swaps out Oracle for DB2
    Oracle renews push into embedded open source software market
    Oracle releases new database, says 11g upgrade will cut costs
    Comparing servers for Oracle database 11g upgrades
    Choosing the right server hardware is all about choosing the right software
    The best of the Oracle 11g-ready servers

    Oracle database security
    How to enable remote Oracle OS authentication with OS_AUTHENT_PREFIX
    Oracle delivers database fixes in Critical Patch Update
    How to use DBMS_CRYPTO package for Oracle password encryption/hashing
    How to decrypt an Oracle password using John the Ripper and checkpwd
    How to use the CREATE SESSION command to track Oracle database logins
    How to troubleshoot Oracle critical patch updates using OPatch
    Can I automate Oracle patching when installing Oracle Standard Edition?
    Is it possible to automate Oracle CPUs for a DoD project?
    Three steps to help improve Oracle database security
    Tips for auditing and securing database backups in Oracle

    RELATED GLOSSARY TERMS
    Terms from Whatis.com − the technology online dictionary
    10g  (SearchOracle.com)

    RELATED RESOURCES
    2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
    Search Bitpipe.com for the latest white papers and business webcasts
    Whatis.com, the online computer dictionary



    • Oracle News, Oracle Training, Oracle Management
    HomeNewsTopicsTipsAsk the ExpertsMultimediaWhite PapersProductsBlogs
    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    SEARCH 
    TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Site Map




    All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts