Freigeben über

Oracle plugs 101 security flaws

  • Artikel

Auch Oracle ist dem Beispiel Microsoft´s gefolgt. Neue Sicherheits Aktualisierungen werden in einem bestimmten geplanten Rhytmus publiziert. Ist der zeitliche Abstand bei Microsoft monatlich, so muss der Kunde bei Oracle jeweils ein viertel Jahr, also drei Monate, auf die Aktualisierungen warten. So summieren sich die Sicherheits-Aktualisierungen natürlich schnell auf. Wobei über 100 Sicherheits Löcher bei Oracle Produkten schon eine erkleckliche Anzahl sind.

By Joris Evers, Staff Writer, CNET News.com
Published: October 17, 2006, 4:09 PM PDT

As part of its quarterly patch cycle, Oracle released fixes on Tuesday for 101 security vulnerabilities across its products.

"In terms of critical fixes, the majority of them lie within the application server product," said Darius Wiles, the senior manager for security alerts at Oracle. "There is a number that could be exploited both remotely and without authentication, and those are the ones that customers should be most concerned about and fix as soon as possible."

Oracle's October security update is the first of its quarterly bulletins to contain severity ratings. Also, the alert now more clearly denotes which flaws could be exploited remotely by anonymous attackers, the most serious type of vulnerability.

Many of the issues are significant. Thirty of the Oracle Database related flaws open systems up to unauthenticated, remote attacks, according to the alert. For Application Server, 13 flaws carry that risk, as does one in E-Business Suite and one in PeopleSoft products.

"There is a lot of fixes this time…they seem to be getting on top of the bug fixing," Pete Finnigan, a security specialist in York, England, wrote on his blog Tuesday. "I am impressed by the new style advisory; it's not perfect, it is much better than it was."

Oracle's next patch day is Jan. 16.

https://news.com.com/Oracle+plugs+101+security+flaws/2100-1002_3-6126864.html?tag=nefd.top

IceRocket tags: Medienartikel, Security

Technorati tags: Medienartikel, Security

Gerhard

Comments

  • Anonymous
    January 01, 2003
    The comment has been removed