Oracle Patches 86 Flaws in Database and Enterprise Products
Written by Kay Ewbank   
Thursday, 17 January 2013

Oracle’s latest Critical Patch Update addresses 86 security vulnerabilities affecting many products including MySQL. The most serious security problem being fixed scores 10 on the Common Vulnerability Scoring System (CVSS), and addresses a problem in the Oracle Mobile Server database.

 

A Critical Patch Update (CPU) from Oracle is a collection of patches for multiple security vulnerabilities. CPUs are issued at intervals and are cumulative; that is, each one builds on the previous ones.

The January 2013 CPU contains 86 new security fixes and its Update Advisory, which provides the full list of fixes, contains the advice:

"Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible."

There are 18 MySQL security problems being fixed, of which two are rated 9 on the CVSS scale. Both can be exploited remotely without the need for user authentication. There’s one fix for the full edition of Oracle Database, including versions 10g R2, 11g R1, and 11g R2, but it doesn’t address the problem known to exist in the Oracle Database TNS Listener.

Of the two most serious fixes for MySQL, one affects the SQL parser and the other affects server privileges. Other fixes for MySQL are for server replication, stored procedures, and server locking.

Other patches address problems in Oracle Fusion, Enterprise Manager Grid Control, E-Business Suite, and Supply Chain Products Suite, along with products from the PeopleSoft, JD Edwards and Solaris ranges.

This scheduled CPU follows on the heels of the patch issued by Oracle to fix a security vulnerability in Java that had led the U.S. Department of Homeland Security to advise computer users to disable the Java plug-in. Some of the vulnerabilities addressed by this CPU are similar flaws which, if exploited, could allow an attacker to remotely execute code on a targeted system. However, don’t expect all the security issues to be solved at a stroke. Next month will bring a further set of fixes.

More Information

Oracle Critical Update Advisory - January 2013

Related Articles

Java Still Insecure Warns Homeland Security

 


Last Updated ( Thursday, 17 January 2013 )
 
 

   
Copyright © 2014 i-programmer.info. All Rights Reserved.