Oracle has released a missing fix for the database flaw rated most deadly in the Critical Patch Update the company released last week.
The flaw, dubbed DB01 in the update issued April 17, is in the Core RDBMS (relational database management system) and can be remotely exploited over the network by an attacker sans user identification or password authentication. The flaw is specific to the Windows operating system and affected the 9.2.0.8 version of the database.
On Friday, Eric Maurice of Oracle posted a note on a company blog announcing the Critical Patch Update for the Windows 32-bit version of the 9.2.0.8 database is now available.
“The original version of that MetaLink note stated that Windows 32-bit was not yet available for Database version 9.2.0.8,” wrote Maurice, who is manager for security in Oracles Global Technology Business Unit. “At this time, however, the Critical Patch Update for the Windows 32-bit version of the 9.2.0.8 database has become available and the MetaLink note has been updated.”
“Oracle highly recommends that customers apply the most recent Critical Patch Update as soon as possible,” Maurice continued.
With a threat rating of 7.0 out of a possible 10, DB01 was the only flaw patched in the April update that received higher than a 4.2 rating according to the Common Vulnerability Scoring System. The next highest rating for a database flaw was 3.4.
In all, Oracle released 13 security fixes for issues affecting the companys database products. The next Critical Patch Update is slated for July 17.
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.