Eye on Oracle

Jan 11 2010   3:47PM GMT

Oracle patches fix ‘severe vulnerabilities’ in Database Server, Oracle Secure Backup

Shayna Garlick

In Oracle’s last Critical Patch Update, the company released 38 fixes for 21 affected products, most notably some repair work for Oracle 11g, Oracle Application Server and Oracle WebLogic Server. This batch marked the first time that three fixes for Oracle’s core database had the highest vulnerability rating.

What can we expect this time around?

Oracle’s latest Critical Patch Update, to be released Jan. 12, contains only 24 new fixes, according to Oracle’s pre-release announcement. Affected products include the Oracle Database, Primavera, Oracle Application Server, Oracle E-Business Suite and Oracle WebLogic Server.

These vulnerabilities are rated on the CVSS 2.0 scoring system, with metrics that include ease of exploit and impact of a successful attack. Vulnerabilities are scored from 0.0 to 10.0, with 10.0 representing the most severe vulnerability.

Three products in this Patch Update contain vulnerabilities with a 10.0 score, including Oracle Database Server and Oracle Secure Backup, both part of Oracle Database products, and Oracle JRockit in the Oracle BEA Products Suite.

At this time last year, Oracle had 41 security fixes, and we asked the question: Are Oracle’s Critical Patch Updates really that critical?

We received a variety of responses. Some of you didn’t install them because you thought they were “just patches for pretend problems, invented by some security ‘expert’,” while others felt the patches were indeed critical, and fairly easy to apply.

Have your views on Oracle patches changed in the last year? Do you install them? If not, why not?
