Oracle Patches 45 Security Holes in Database, App Server and More

By Brian Prince  |  Posted 2008-07-15

Oracle released 45 security fixes July 15 as part of its latest Critical Patch Update.

The patches bring the total for the year to 112 vulnerabilities patched. The Oracle Database has the most fixes: a total of 11, none of which can be exploited remotely without authentication. The vulnerabilities affect a number of components, including Advanced Querying, Advanced Replication and the core RDBMS (relational DBMS). There are also three fixes affecting the Oracle TimesTen In-Memory Database. All three address vulnerabilities that can be fixed by upgrading to Version or a later edition of the product.

Nine security fixes in the CPU address vulnerabilities in Oracle Application Server, all of which can be exploited remotely without authentication. According to Oracle, none of these fixes apply to client-only installations. The components affected by the flaws include Hyperion BI Plus (formerly Hyperion Performance Suite), Oracle HTTP Server, Oracle Internet Directory and Oracle Portal.

There are seven security fixes for Oracle WebLogic Server, three of which can be exploited remotely without authentication.

The release also contains two fixes for Oracle Enterprise Manager, six for Oracle E-Business Suite and Applications, and seven patches addressing vulnerabilities in Oracle PeopleSoft Enterprise products.

The next CPU release is slated for Oct. 14.
