Oracle prepares to issue new patches

By Dave Nixon

Oracle is prepared to patch numerous defects in its software products, together with crucial bugs in the company’s database, e-business suite and application server.

In its opening security update of 2008, on Tuesday, Oracle will distribute 27 security patches, several affecting a number of products.

Oracles Critical Patch Update (CPU) sees the release of patches every three months. By Oracle’s standards the January’s patch-fix total is relatively small. October saw 51 vulnerabilities patched.

Typically, Oracle’s database will be a key focal point of the CPU. Oracle intends to dispatch eight security fixes for the Oracle Database, dealing with bugs in the software’s advanced queuing, core RDBMS, Oracle Agent, Oracle Spatial and XML database software.

Unless the attacker first acquires a username and password for the database the vulnerabilities cannot be exploited over a network.

E-Business Suite, Oracle’s next most-patched product, will take delivery of seven updates, three of which are for bugs that can be remotely exploited by attackers without usernames or passwords for the system.

Addressing flaws in components such as the product’s BPEL, Worklist Application, Oracle Forms and Oracle Internet Directory software, the Oracle Application Server will receive six bug-fixes.

Finally, Oracle is scheduling four updates for its PeopleSoft and JD Edwards products, including one fix apiece for Oracle Enterprise Manager and the Oracle Collaboration Suite.