Oracle releases 51 patches

Oracle today released 51 unique fixes as part of its latest quarterly security update.

The patches comprise:

· 26 fixes for Oracle Database products to address 10 vulnerabilities that may be remotely exploitable without authentication;

· a dozen fixes for Application Server, remedying eight flaws that may be remotely exploitable;

· seven fixes for the E-Business Suite, which contain no remotely exploitable vulnerabilities;

· six fixes for Enterprise Manager, sewing up five remotely exploitable holes; and

· three fixes for PeopleSoft Enterprise, addressing one remotely exploitable bug.

Some of the fixes correspond to vulnerabilities across products.

The most severe vulnerabilities affect Oracle Database and E-Business Suite and are rated seven out of 10, according to Oracle's ratings under the Common Vulnerability Scoring System (CVSS).

"Due to the threat posed by a successful attack, Oracle strongly recommends that fixes are applied as soon as possible," the company said today in an advisory.

For the first time, the database giant issued a pre-patch announcement that detailed its plans for today's release, much in the same way Microsoft does each month. The move was largely hailed as a way for IT administrators to get a better handle on the Oracle patching process.

But experts said Oracle - which has been forced to patch an increasing number of flaws over the past year - should concentrate on building security in.

"This is another step in the right direction by Oracle," said Paul Davie, CEO of U.K.-based database security vendor Secerno. "But users need to beware: it's not the vendor vulnerabilities they need to focus on but the critical weaknesses in their development process."
