Oracle Releases Critical Updates -- Redmond Channel Partner

Oracle Releases Critical Updates

By Joab Jackson
July 16, 2008

Oracle has released the latest quarterly round of critical patches for all its products.

Among the applications being updated are the Oracle database 9i through 11g, Oracle Application Server, Oracle PeopleSoft Enterprise CRM and the Oracle WebLogic Server (formerly BEA WebLogic Server).

Among the vulnerabilities being fixed are:

A library path vulnerability in the Oracle database: This flaw allows Oracle users to execute code with root privileges by overriding the root program that sets user rights, according to security research firm iDefense. The vulnerability, which resides on Unix and Linux platforms, has been assigned the number in the CVE-2008-2613 in the Common Vulnerabilities and Exposures vulnerability database.

A buffer overflow vulnerability in the Oracle database: This flaw allows users to execute code with database user privileges, according to iDefense. A queuing routine does not validate input, allowing an attacker to enter a long string of code that will overflow the buffer and place potentially damaging commands into memory. CVE-2008-2607.

An input validation vulnerability in the Oracle Internet Directory: This flaw can enable a denial-of-service attack and bring down the directory by sending a flood of bogus Lightweight Directory Access Control packets to the program, according to iDefense. CVE-2008-2595.

Oracle releases critical patches in bundles on a quarterly basis. "They are released on the Tuesday closest to the 15th day of January, April, July and October," according to a page explaining the release schedule.

Typically, Oracle announces security fixes only when fixes are available for all the different platforms and versions. For most of Oracle's chief products, such as the Oracle Database Server and the Oracle Application Server, the patches are cumulative, meaning they contain all the fixes from previous critical patch updates. Patches for other products are provided on a one-off basis, meaning older patches will need to be applied independently.

This quarterly patch cycle is the first to assign CVE Identifiers (CVE-IDs) to vulnerabilities, according to Mitre, which oversees CVE management.

About the Author

Joab Jackson is the chief technology editor of Government Computing News (GCN.com).

Free Webcast! Learn about Password Management Best Practices

Featured

Microsoft Outlook Service Goes Down

Users of Microsoft 365 services, especially the Outlook on the Web App, experienced a service disruption on Monday, June 5.
Microsoft Announces Designer Support for Teams

Microsoft Teams will be receiving new and updated features, including support for its AI-powered Designer tool.
Windows 11 To Get Token Protection, Windows 365 Boot and Windows Autopatch

Windows 11 users are getting new features, which are expected to arrive at latest in July, per a Microsoft announcement this week.
Microsoft Edge Getting Copilot AI, plus Dev and Management Perks

The Microsoft Edge browser is getting lots of enhancements, as announced this week at Microsoft Build.

RCP Update

Email Address*Country*

Please type the letters/numbers you see above.

Oracle Releases Critical Updates

Featured

Microsoft Outlook Service Goes Down

Microsoft Announces Designer Support for Teams

Windows 11 To Get Token Protection, Windows 365 Boot and Windows Autopatch

Microsoft Edge Getting Copilot AI, plus Dev and Management Perks

2023 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Microsoft Planning Additional Job Cuts in May

The 'Influencer MSP' Approach to New Products

AIOps Key to MSP Survival in the AI Revolution

Microsoft Releases Multiple Products at Build 2023 Event

2023 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Microsoft Planning Additional Job Cuts in May

The 'Influencer MSP' Approach to New Products

AIOps Key to MSP Survival in the AI Revolution

Microsoft Releases Multiple Products at Build 2023 Event

Partner Guides

Partner's Guide to the Windows Server 2008 Deadline

Partner's Guide to Office 365 Security Costs

Partner's Guide to UCaaS

Partner's Guide to Starter Workloads in Azure

Partner's Guide to Microsoft's Fiscal Year 2019

FREE WEBCASTS FROM OUR SPONSORS

Cloud Security 101 for MSPs: How to Safeguard Customer Data in Azure and Microsoft 365

Service Providers: Capture the AWS and Azure BaaS Opportunity

Coffee Talk: Top Email Security Threats in 2023: What Partners Need to Know

Extend Veeam-powered BaaS to Microsoft 365

FREE WHITE PAPERS FROM OUR SPONSORS

10 Keys to Protecting Your Microsoft 365 Data

Expand your Portfolio with BaaS for Public Cloud

The Evolution of Endpoint Detection and Response (EDR) - Datto EDR Buyers Guide

Achieving Ransomware Resiliency with BaaS and DRaaS