Applications

Oracle issues 136 patches to address major security threats

Oracle’s quarterly update promises to be a mammoth task for system administrators, delivering 136 patches for flaws across the entire spectrum of Oracle packages.

The usual suspects are being patched in the critical patch update, including Java. But patches are also available for the Oracle database, and JD Edwards, PeopleSoft, Siebel and Sun Microsystems product ranges – Oracle has acquired a lot of companies over the years.

It should be noted that Oracle has a history of delivering large patch updates. Indeed, its last quarter update was in January, which addressed a staggering 248 vulnerabilities according to security firm ERPScan.

Patch Breakdown

At least five of the vulnerabilities in the latest update have been given the highest severity rating.

This Critical Patch Update provides fixes for a wide range of product families including: Oracle Database Server, Oracle E-Business Suite, Oracle Fusion Middleware, Oracle Sun Products, Oracle Java SE, and Oracle MySQL,” said Oracle in a blog post on the matter. “Oracle recommends this Critical Patch Update be applied as soon as possible.”

The largest amount of patches (31) are for Oracle MySQL. Oracle Fusion Middleware meanwhile gets 22 patches, Oracle Sun System Product gets 18, Oracle PeopleSoft gets 15, and Oracle Java SE gets nine.

Tightening Security

Oracle has been busy on the security front recently. Last month it issued an emergency patch for Java to prevent hackers from remotely executing code without the need for user credentials.

It also recently added Leon Panetta, former US secretary of defence and former director of the Central Intelligence Agency (CIA), to its board of directors in an effort to improve its security credentials.

In January, Australian security researcher David Litchfield revealed that he had uncovered a “major” back door in versions of Oracle’s E-Business Suite.

The back door could be used by attackers to gain complete control of a database, and was a result of a misconfiguration flaw.

Oracle patched that flaw in its January patch update.

Antony Savvas

York, UK-based Antony Savvas has been a technology journalist for 25 years and has expertise in all major areas of enterprise and consumer IT. He has worked for a number of leading technology magazines and websites and his work is syndicated across the internet. He also undertakes corporate work for some of the world's leading technology companies.

Leave a Comment
Share
Published by
Antony Savvas
Tags: databaseOraclesecurity
8 years ago

Recent Posts

Flashpoint enters new chapter with global partner programme

Security vendor Flashpoint debuts partner programme following $28m funding

7 years ago

Channel partner “disconnect” hindering growth

Complex buying journeys and sprawling partner networks hampering customer experience, says Accenture

7 years ago

Cyxtera launches global channel partner programme

Datacentre provider Cyxtera says launch is “milestone in our go-to-market strategy”

7 years ago

US IT provider brings mainframe services to UK

Ensono highlights importance of mainframes still to major industries

7 years ago

VASCO and Nuvias expand distribution across EMEA

Security vendor VASCO looks to replicate UK and German set up across EMEA

7 years ago

Splunk says channel investments driving growth

Splunk details investment in Partner+ programme at .conf2017

7 years ago