http://www.eweek.com/article2/0,1895,2158203,00.asp
By Brian Prince
July 12, 2007
Oracle has plans to deliver 46 security fixes for its customers by July
17.
According to an Oracle security announcement, the patches will plug
security holes in Oracle Database, Oracle Application Server, Oracle
Collaboration Suite, Oracle E-Business Suite and Applications and Oracle
PeopleSoft Enterprise products. The most serious of the flaws—two
vulnerabilities affecting Oracle PeopleSoft Enterprise products—have a
CVSS score of 4.8.
Twenty of the 46 fixes address issues in the database, and two of the
flaws can be exploited remotely over a network without the need for a
username and password. Fourteen others fix flaws in the Oracle
E-Business Suite and Applications, six of which may be remotely
exploited without authentication.
In addition, four fixes are slated to be issued for Oracle Application
Server, and three are to be issued for Oracle PeopleSoft Enterprise
PeopleTools. Three of the flaws affecting Oracle Application Server can
be exploited remotely.
The upcoming July 17 fixes are part of the company's Critical Patch
Update releases, issued four times year. The last batch, in April,
featured 36 security fixes.
Received on Mon Jul 16 04:14:48 2007