On deck from Oracle: 45 critical database, server patches

Database server giant Oracle plans to ship patches for a total of 45 security vulnerabilities on Thursday (July 17), bringing the vulnerability count for 2008 to a whopping 112.

Since January 2006 (this CPU included), Oracle has shipped fixes for a total of 572 vulnerabilities.

According to a pre-release analysis, the vulnerabilities affect hundreds of products, including all supported Oracle Database, Oracle Application Server, and Oracle E-Business Suite versions.

This is the first Critical Patch Update that includes fixes for BEA WebLogic, Hyperion BI, and TimesTen Database.

In this patch batch, Oracle will provide patches for 11 Oracle Database vulnerabilities. According to Integrigy CTO Stephen Kost, some of the database flaws can be exploited using only PUBLIC privileges accessible by all database accounts.

The July CPU will also cover 9 new Oracle Application Server vulnerabilities, all of which are remotely exploitable without authentication. For the Oracle E-Business Suite 11i and R12 products, there are 6 new vulnerabilities, some of which can be readily exploited by an unprivileged user.

Kost recommends that this quarter’s security patches be deemed critical.

[Source: zdnet]