Oracle delivers database fixes in Critical Patch Update
Oracle has confirmed that it released 38 fixes yesterday as part of its quarterly Critical Patch Update, with three of those fixes being classified with the highest vulnerability rating of 10 for the company's core database.
The affected products, numbering 21 in total, include Oracle Database 9i Release 2, 10g, 10g Release 2, 11g, Oracle Application Server 10g, and Oracle WebLogic Server. Six of the security patches deal with vulnerabilities that permit access to the Oracle Database without requiring a user name or password, according to the company. Also susceptible to outside attacks not requiring authentication are Oracle's BEA products including JRockit and WebLogic.
In his blog, Eric Maurice, manager of security in Oracle's global technology business unit, wrote: "Because of the severity of the database vulnerabilities, Oracle recommends that this Critical Patch Update (CPU) be applied against the affected systems as soon as possible."