Oracle repaired two flaws in its database management system this week as part of a quarterly update that included 78 patches across its product portfolio.
One of the Oracle Database Server vulnerabilities is remotely exploitable, according to the Oracle January 2012 Critical Patch Update Advisory. The updates affect Oracle Database 10g and 11g release 1 and 2. The flaws are located in the listener and the core of the DBMS, Oracle said.
Application Security Inc.’s research arm, TeamSHATTER, which says it has discovered and disclosed multiple vulnerabilities to Oracle that are currently in Oracle's update queue, called Oracle’s latest round of updates a record low for database fixes.
Oracle started the CPU program in January 2005. The previous record low was set in the last CPU in October with just five fixes to Oracle’s database management systems. Prior to that, there were three different CPUs that had just six fixes, according to Application Security.
Oracle did release a massive update to its MySQL open source database management system. The CPU contained 27 fixes for Oracle MySQL. One of the errors is remotely exploitable without authentication, Oracle said.
Among the most critical updates is Oracle Solaris, which fixes eight vulnerabilities including a serious vulnerability with a common vulnerability scoring
Redwood Shores, Calif.-based vulnerability management vendor Qualys Inc. said overall the Oracle update was large for software users. The company said fixes to WebLogic/Apache and Solaris, which are Internet accessible, should be a priority.
Other updates associated with the January 2012 quarterly CPU affected Oracle’s Fusion Middleware, its PeopleSoft and JD Edwards software and its Sun Product Suite. Oracle also repaired three vulnerabilities in its E-Business Suite.
The updates included fixes for three flaws affecting Oracle Virtualization. The updates affected Oracle VirtualBox and Oracle’s Virtual Desktop Infrastructure. None of the vulnerabilities are remotely exploitable.