Oracle to Patch 24 Security Flaws

Database server giant Oracle is joining Microsoft and Adobe this Patch Tuesday.As part of its Critical Patch Update schedule, Oracle plans to ship 24 security patches on January 12 to cover a wide range of serious vulnerabilities in its database and application server products.

Database server giant Oracle is joining Microsoft and Adobe this Patch Tuesday.

As part of its Critical Patch Update schedule, Oracle plans to ship 24 security patches on January 12 to cover a wide range of serious vulnerabilities in its database and application server products.

“Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible,” the company said in an advance notice.

Here’s the breakdown of patches:

Oracle Database: This Critical Patch Update contains 10 new
security vulnerability fixes for the Oracle Database which includes 1 vulnerability fix for Oracle Secure Backup. 2
of these vulnerabilities may be remotely exploited without
authentication, i.e., may be exploited over a network without the need
for a username and password. 
None of these fixes are applicable to Oracle Database client-only
installations, i.e., installations that do not have the Oracle Database
installed.

Oracle Application Server: This Critical Patch Update contains 3 new security fixes for the Oracle Application
Server. All of these vulnerabilities may be remotely exploitable without
authentication, i.e., may be exploited over a network without the need for a
username and password. None of these fixes are applicable to client-only
installations, i.e., installations that do not have an Oracle Application Server
installed.

Oracle E-Business Suite and Applications: This Critical Patch Update contains 3 new security fixes for the Oracle Applications
Suite. All of these vulnerabilities may be remotely exploitable without
authentication, i.e., may be exploited over a network without the need for a
username and password. None of these fixes are applicable to client-only
installations, i.e., installations that do not have an Oracle Applications
installed.

The update also covers security holes in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne; Oracle BEA Products; and the Oracle Primavera Product Suite.

Suggested articles