Oracle Patches 45 Security Holes in Database, App Server and More
The Oracle Patch Update includes 45 security fixes, including 11 for the Oracle Database. Also included are nine security fixes for Oracle Application Server, seven for Oracle WebLogic Server, two for Oracle Enterprise Manager, six for Oracle E-Business Suite and Applications, and seven for Oracle PeopleSoft Enterprise products.Oracle released 45 security fixes July 15 as part of its latest Critical Patch Update. The patches bring the total for the year to 112 vulnerabilities patched. The Oracle Database has the most fixes-a total of 11, none of which can be exploited remotely without authentication. The vulnerabilities affect a number of components, including Advanced Querying, Advanced Replication and the core RDBMS (relational DBMS). There are also three fixes affecting the Oracle TimesTen In-Memory Database. All three address vulnerabilities that can be fixed by upgrading to Version 126.96.36.199.0 or a later edition of the product.
Nine security fixes in the CPU address vulnerabilities in Oracle Application Server, all of which can be exploited remotely without authentication. According to Oracle, none of these fixes apply to client-only installations. The components affected by the flaws include Hyperion BI Plus (formally Hyperion Performance Suite), Oracle HTTP Server, Oracle Internet Directory and Oracle Portal.