Update fixes 85 vulnerabilities
vnunet.com, 19 Oct 2005
Oracle has issued a major patch release covering 85 vulnerabilities in its software.
The patch fixes a number of serious flaws, including one buffer overflow vulnerability, 17 PL/SQL injection vulnerabilities in Oracle Database 10g and Oracle9i Database Server, and flaws in the Oracle Reports Server used in 23 applications.
The patch also includes non-security fixes that are needed because of the security patches.
Security firm Secunia has issued an advisory on the problems and rates the flaws as 'moderately critical'. It urges users to patch as soon as possible.
"The new database vulnerabilities addressed by this critical patch update do not affect Oracle Database Client-only installations that do not have the Oracle Database Server installed," said Oracle in a statement.
"Therefore, it is not necessary to apply this critical patch update to client-only installations if a prior critical patch update, or Alert 68, has already been applied to the client-only installations."
Oracle has come in for severe criticism from security specialists over the time it takes to patch vulnerabilities. In some cases the company has taken two years to issue a vulnerability patch after it was reported.
Flaws reported two years ago remain unfixed, claims security firm
Easier configuration management for customers, claims database giant
Gartner calls for greater openness from database giant
V3.co.uk gets a walk through of the Hero, which includes HTC's new Sense overlay for Android
First Looks Editor Ian Williams gets hands on with the Sony Ericsson Xperia X1
NetGear's four-bay compact network-attached storage gets a serious speed boost
Do you agree?
Have your say on this article