Article

Oracle to patch 37 flaws

Bill Brenner
Oracle Corp. plans to fix 37 flaws across its product line April 17, according to a preview of the upcoming Critical Patch Update (CPU) released late Tuesday.

Attackers could potentially exploit

    Requires Free Membership to View

the most severe flaws to compromise the database server or the host operating system, the Redwood Shores, Calif.-based, database giant said.

The CPU will include 13 fixes for Oracle Database, two for Oracle Enterprise Manager, one for Oracle Workflow Cartridge and one for the Ultra Search component affect code bundled with the Oracle Database. Three of these may be remotely exploited over a network without a username and password.

Five fixes are planned for Oracle Application Server, along with one Oracle Workflow Cartridge fix and one Oracle Secure Enterprise Search fix. Two of the flaws may be remotely exploited over a network without the need for a username and password.

One fix is planned for Oracle Collaboration Suite, including one Oracle Workflow Cartridge fix. Neither issue is remotely exploitable without authentication, Oracle said.

Eleven fixes are planned for Oracle E-Business Suite, two of which may be remotely exploited without authentication.

Two fixes are planned for Oracle Enterprise Manager, both of which may be remotely exploitable without authentication.

Two fixes are planned for Oracle PeopleSoft Enterprise PeopleTools, one for PeopleSoft Enterprise Human Capital Management and one for JD Edwards EnterpriseOne and JD Edwards OneWorld Tools.

If the numbers hold up when the official CPU is released, this will be one of Oracle's smallest patch loads in recent memory.

Its January CPU addressed 51 flaws, while its October 2006 CPU plugged 101 security holes.