Oracle patch security vulnerability includes 23 database flaws

Oracle local time 18th released a July security update to repair 65 software deficiencies, including a number of serious cross product issues.

The repairs include many serious weaknesses. Darius Wiles, Oracle's senior manager responsible for security warnings, said 27 of the 65 errors could be exploited by anonymous remote attackers.

Oracle does not recommend any alternative, only to urge customers to repair the system as soon as possible. "We fix flaws in a serious order," Wiles said. Critical Patch Update (Critical patch update, abbreviation CPU) is part of the most urgent. We strongly recommend that customers implement these security patches as soon as possible. ”

Oracle's July CPU fixes 23 Database product flaws, 1 Collaboration Suite collaboration suite software issues, 10 Application server flaws, 20 e-business Suite and application related issues, 4 weaknesses in Enterprise Manager, PeopleSoft (PeopleSoft) Enterprise Portal software and JD Edwards Software, also two and one vulnerabilities were patched.

In addition, the Oracle database with the client software, this time also has 4 security vulnerabilities to repair. This is the second time Oracle has been providing PC software updates since the January 2005 launch of the CPU.

Wiles said: "Customers need to consider using the July CPU to update their desktop computers, but most of the CPU only for the database server." ”

According to Oracle's security warning, 3 of the 4 flaws in the client software are considered serious problems and can be exploited by remote attackers without any verification. The update also covers a database weakness that the company accidentally exposed this April.

Oracle has always adopted a policy of secrecy and closure on security topics, but April 6 posted an outstanding detail on its Metalink client website.

At the same time, Oracle's security update policy has also suffered fierce criticism from outside. The company hopes to wash its notoriety this time, Wiles said: "Our goal is to provide quality patches on the official release day." ”

The July update should cover 250 software fixes for Oracle products on a variety of operating system platforms, Wiles said. However, 10 of them remain unfinished and some may take a longer time.

Oracle has not found that the weakness of the patch has been used to launch any attack. The company's slow response to security issues has been criticized by security experts. Wiles said that the current issue of receiving briefings will be resolved with future updates.